diff options
author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-08-08 15:33:47 +0000 |
---|---|---|
committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-08-08 15:33:47 +0000 |
commit | b1e7a961d2b728a66cf1c0a706de344b2b78e812 (patch) | |
tree | 1a7444c25f65e23442088e5c031ddfc7d2b2ed8f | |
parent | 59dc7d4c9641204275fb9d93ffbd99baf3c58a98 (diff) |
merges r24396 from trunk into ruby_1_9_1.
--
* lib/pp.rb (guard_inspect_key): untrust internal hash to prevent
unexpected SecurityError.
* test/ruby/test_object.rb: add a test for [ruby-dev:38982].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@24466 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | lib/pp.rb | 6 | ||||
-rw-r--r-- | test/ruby/test_object.rb | 36 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 47 insertions, 4 deletions
@@ -1,3 +1,10 @@ +Wed Aug 5 01:38:27 2009 Yusuke Endoh <mame@tsg.ne.jp> + + * lib/pp.rb (guard_inspect_key): untrust internal hash to prevent + unexpected SecurityError. + + * test/ruby/test_object.rb: add a test for [ruby-dev:38982]. + Tue Aug 4 22:10:34 2009 NAKAMURA Usaku <usa@ruby-lang.org> * win32/win32.c (has_redirection): need to execute shell if commandline @@ -107,17 +107,17 @@ class PP < PrettyPrint module PPMethods def guard_inspect_key if Thread.current[:__recursive_key__] == nil - Thread.current[:__recursive_key__] = {} + Thread.current[:__recursive_key__] = {}.untrust end if Thread.current[:__recursive_key__][:inspect] == nil - Thread.current[:__recursive_key__][:inspect] = {} + Thread.current[:__recursive_key__][:inspect] = {}.untrust end save = Thread.current[:__recursive_key__][:inspect] begin - Thread.current[:__recursive_key__][:inspect] = {} + Thread.current[:__recursive_key__][:inspect] = {}.untrust yield ensure Thread.current[:__recursive_key__][:inspect] = save diff --git a/test/ruby/test_object.rb b/test/ruby/test_object.rb index 2116c6a216..14f189685b 100644 --- a/test/ruby/test_object.rb +++ b/test/ruby/test_object.rb @@ -405,4 +405,40 @@ class TestObject < Test::Unit::TestCase assert_equal(true, s.untrusted?) assert_equal(true, s.tainted?) end + + def test_exec_recursive + Thread.current[:__recursive_key__] = nil + a = [[]] + a.inspect + + assert_nothing_raised do + -> do + $SAFE = 4 + begin + a.hash + rescue ArgumentError + end + end.call + end + + -> do + assert_nothing_raised do + $SAFE = 4 + a.inspect + end + end.call + + -> do + o = Object.new + def o.to_ary(x); end + def o.==(x); $SAFE = 4; false; end + a = [[o]] + b = [] + b << b + + assert_nothing_raised do + b == a + end + end.call + end end @@ -1,5 +1,5 @@ #define RUBY_VERSION "1.9.1" -#define RUBY_PATCHLEVEL 270 +#define RUBY_PATCHLEVEL 271 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 9 #define RUBY_VERSION_TEENY 1 |