ruby-changes:6978
From: matz <ko1@a...>
Date: Mon, 11 Aug 2008 20:34:03 +0900 (JST)
Subject: [ruby-changes:6978] Ruby:r18496 (trunk): * ext/dl/cfunc.c (rb_dlcfunc_call): add taint check.
matz 2008-08-11 20:33:44 +0900 (Mon, 11 Aug 2008) New Revision: 18496 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=18496 Log: * ext/dl/cfunc.c (rb_dlcfunc_call): add taint check. * ext/dl/dl.c (rb_dl_malloc): add rb_secure(2). * ext/dl/dl.c (rb_dl_realloc): ditto. * ext/dl/dl.c (rb_dl_free): ditto. * ext/dl/dl.c (rb_dl_ptr2value): ditto. Modified files: trunk/ChangeLog trunk/ext/dl/cfunc.c trunk/ext/dl/cptr.c trunk/ext/dl/dl.c
Index: ChangeLog
===================================================================
--- ChangeLog (revision 18495)
+++ ChangeLog (revision 18496)
@@ -1,3 +1,15 @@
+Mon Aug 11 20:27:12 2008 Yukihiro Matsumoto <matz@r...>
+
+ * ext/dl/cfunc.c (rb_dlcfunc_call): add taint check.
+
+ * ext/dl/dl.c (rb_dl_malloc): add rb_secure(2).
+
+ * ext/dl/dl.c (rb_dl_realloc): ditto.
+
+ * ext/dl/dl.c (rb_dl_free): ditto.
+
+ * ext/dl/dl.c (rb_dl_ptr2value): ditto.
+
 Mon Aug 11 20:11:21 2008 Nobuyoshi Nakada <nobu@r...>
 * gc.c (getrusage_time): works only if RUSAGE_SELF is defined right
Index: ext/dl/cfunc.c
===================================================================
--- ext/dl/cfunc.c (revision 18495)
+++ ext/dl/cfunc.c (revision 18496)
@@ -260,6 +260,7 @@
 if( i >= DLSTACK_SIZE ){
 rb_raise(rb_eDLError, "too many arguments (stack overflow)");
 }
+ rb_check_safe_obj(RARRAY_PTR(ary)[i]);
 stack[i] = NUM2LONG(RARRAY_PTR(ary)[i]);
 }
Index: ext/dl/dl.c
===================================================================
--- ext/dl/dl.c (revision 18495)
+++ ext/dl/dl.c (revision 18496)
@@ -22,6 +22,7 @@
 {
 void *ptr;
+ rb_secure(4);
 ptr = (void*)ruby_xmalloc(NUM2INT(size));
 return PTR2NUM(ptr);
 }
@@ -31,6 +32,7 @@
 {
 void *ptr = NUM2PTR(addr);
+ rb_secure(4);
 ptr = (void*)ruby_xrealloc(ptr, NUM2INT(size));
 return PTR2NUM(ptr);
 }
@@ -39,6 +41,8 @@
 rb_dl_free(VALUE self, VALUE addr)
 {
 void *ptr = NUM2PTR(addr);
+
+ rb_secure(4);
 ruby_xfree(ptr);
 return Qnil;
 }
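Review bot: In the ext/dl/cfunc.c hunk the added `rb_check_safe_obj(RARRAY_PTR(ary)[i])` can only see taint on heap objects; as far as I know immediates such as Fixnum never carry the taint flag, so most integer arguments still reach `NUM2LONG` unchecked whatever their origin. If that limit is accepted, it should be stated next to the call, e.g. `/* taint is tracked on heap objects only; Fixnum arguments always pass this check */`. The loop header and the rest of rb_dlcfunc_call are outside the hunk, so I cannot tell whether a function-level `rb_secure()` gate already covers the immediate case.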
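Review bot: The log and the ChangeLog entry say `add rb_secure(2)`, but every call added in ext/dl/dl.c is `rb_secure(4)` (hunks at -22, -31, -39 and -46, i.e. rb_dl_malloc, rb_dl_realloc, rb_dl_free and rb_dl_ptr2value per the log). rb_secure(n) rejects the call only when $SAFE is at least n, so with 4 these raw allocate, free and integer-to-object primitives remain callable at safe levels 2 and 3. Either the calls should read `rb_secure(2);` or the ChangeLog should say 4; as committed a reader cannot tell which level was intended. The function headers of the first two hunks lie outside the hunk context.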
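Review bot: In the rb_dl_realloc (-31) and rb_dl_free (-39) hunks the `NUM2PTR(addr)` conversion sits in the declaration and so runs before `rb_secure(4)`, whereas the rb_dl_malloc hunk checks first and converts afterwards. The conversion can raise, and presumably can invoke coercion on a non-Integer argument, before the gate is reached. Declaring `void *ptr;`, calling `rb_secure(...)`, and only then assigning `ptr = NUM2PTR(addr);` would make the three functions consistent and keep the gate as the first thing each one does.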
@@ -46,6 +50,7 @@
 VALUE
 rb_dl_ptr2value(VALUE self, VALUE addr)
 {
+ rb_secure(4);
 return (VALUE)NUM2PTR(addr);
 }
Index: ext/dl/cptr.c
===================================================================
--- ext/dl/cptr.c (revision 18495)
+++ ext/dl/cptr.c (revision 18496)
@@ -416,29 +416,33 @@
 VALUE
 rb_dlptr_s_to_ptr(VALUE self, VALUE val)
 {
- if( rb_obj_is_kind_of(val, rb_cIO) == Qtrue ){
+ VALUE ptr;
+
+ if (rb_obj_is_kind_of(val, rb_cIO) == Qtrue){
 rb_io_t *fptr;
 FILE *fp;
 GetOpenFile(val, fptr);
 fp = rb_io_stdio_file(fptr);
- return rb_dlptr_new(fp, 0, NULL);
+ ptr = rb_dlptr_new(fp, 0, NULL);
 }
- else if( rb_obj_is_kind_of(val, rb_cString) == Qtrue ){
+ else if (rb_obj_is_kind_of(val, rb_cString) == Qtrue){
 char *ptr = StringValuePtr(val);
- return rb_dlptr_new(ptr, RSTRING_LEN(val), NULL);
+ ptr = rb_dlptr_new(ptr, RSTRING_LEN(val), NULL);
 }
- else if( rb_respond_to(val, id_to_ptr) ){
+ else if (rb_respond_to(val, id_to_ptr)){
 VALUE vptr = rb_funcall(val, id_to_ptr, 0);
- if( rb_obj_is_kind_of(vptr, rb_cDLCPtr) ){
- return vptr;
+ if (rb_obj_is_kind_of(vptr, rb_cDLCPtr)){
+ ptr = vptr;
 }
 else{
 rb_raise(rb_eDLError, "to_ptr should return a CPtr object");
 }
 }
 else{
- return rb_dlptr_new(NUM2PTR(rb_Integer(val)), 0, NULL);
+ ptr = rb_dlptr_new(NUM2PTR(rb_Integer(val)), 0, NULL);
 }
+ OBJ_INFECT(ptr, val);
+ return ptr;
 }
 void
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
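Review bot: In the String branch of rb_dlptr_s_to_ptr (ext/dl/cptr.c) the block-local `char *ptr = StringValuePtr(val);` shadows the new function-scope `VALUE ptr`, so `ptr = rb_dlptr_new(ptr, RSTRING_LEN(val), NULL);` stores the result in the `char *` and the outer `ptr` is still uninitialized when `OBJ_INFECT(ptr, val); return ptr;` runs. A String argument therefore returns an indeterminate VALUE, and the taint propagation is applied to that indeterminate value rather than to the new CPtr. Renaming the local fixes both: `char *str = StringValuePtr(val);` followed by `ptr = rb_dlptr_new(str, RSTRING_LEN(val), NULL);`. The other branches assign the outer variable correctly, and the `to_ptr` error path is safe because rb_raise does not return.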