author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-06-22 04:36:54 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-06-22 04:36:54 +0000 |
commit | 0b0dea752c0ef35d1a964b812a1a7fd033ab9e2e (patch) | |
tree | 5809b3a6a5fe233e25fccfd532f447c82fd67e8a | |
parent | 77898c33e38be4333112986f9f4f68867f8ce7ca (diff) |
random.c: check initialize and load
* random.c (random_init, random_load): cannot initialize frozen object
again, nor with tainted/untrusted object. [Bug #6540]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | random.c | 3 | ||||
-rw-r--r-- | test/ruby/test_rand.rb | 21 |
3 files changed, 29 insertions, 0 deletions
@@ -1,3 +1,8 @@ +Fri Jun 22 13:36:50 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * random.c (random_init, random_load): cannot initialize frozen object + again, nor with tainted/untrusted object. [Bug #6540] + Fri Jun 22 13:32:33 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> * error.c (rb_check_copyable): new function, to ensure the target is @@ -462,10 +462,12 @@ random_init(int argc, VALUE *argv, VALUE obj) rb_random_t *rnd = get_rnd(obj); if (argc == 0) { + rb_check_frozen(obj); vseed = random_seed(); } else { rb_scan_args(argc, argv, "01", &vseed); + rb_check_copyable(obj, vseed); } rnd->seed = rand_init(&rnd->mt, vseed); return obj; @@ -686,6 +688,7 @@ random_load(VALUE obj, VALUE dump) VALUE *ary; unsigned long x; + rb_check_copyable(obj, dump); Check_Type(dump, T_ARRAY); ary = RARRAY_PTR(dump); switch (RARRAY_LEN(dump)) { diff --git a/test/ruby/test_rand.rb b/test/ruby/test_rand.rb index c7139818de..a722c67f4a 100644 --- a/test/ruby/test_rand.rb +++ b/test/ruby/test_rand.rb @@ -484,4 +484,25 @@ END Random.new.marshal_load(0) } end + + def test_marshal_load_frozen + r = Random.new(0) + d = r.marshal_dump + r.freeze + assert_raise(RuntimeError, '[Bug #6540]') do + r.marshal_load(d) + end + end + + def test_marshal_load_insecure + r = Random.new(0) + d = r.marshal_dump + l = proc do + $SAFE = 4 + r.marshal_load(d) + end + assert_raise(SecurityError, '[Bug #6540]') do + l.call + end + end end |
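Review bot: The `argc == 0` branch of random_init gets only `rb_check_frozen(obj)`, while the seeded branch and random_load go through `rb_check_copyable`. Its body is not shown on this page, but judging by the commit message and the new SecurityError test it presumably also refuses to modify a trusted receiver from a restricted safe level. If that is right, calling `initialize` again with no argument can still reseed a trusted Random object from such code, because nothing on that path checks trust. Consider adding `rb_check_trusted(obj);` next to the frozen check, or a comment saying why the trust check is not needed there. random_init starts above the hunk, so anything earlier in its body is not visible here.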
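Review bot: In random_load, `rb_check_copyable(obj, dump)` runs before `Check_Type(dump, T_ARRAY)`, so it receives whatever the caller passes, including the Fixnum that the existing test feeds in (`Random.new.marshal_load(0)`). The helper's definition is not on this page; if it reads taint/untrust flags from its second argument without first excluding special constants, that would be a read through a non-pointer value. Either confirm the guard and note it in a comment such as `/* rb_check_copyable tolerates non-heap dump values */`, or validate the type first: `Check_Type(dump, T_ARRAY);` then `rb_check_copyable(obj, dump);`. The function body continues past the end of the hunk.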
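Review bot: The two new tests exercise only `marshal_load`, so the checks added to random_init in this same commit have no coverage, with or without a seed argument. A regression that drops `rb_check_frozen` or `rb_check_copyable` from `initialize` would pass the suite unnoticed. A companion test that freezes a Random and re-invokes `initialize` both ways, as sketched below, would pin the behaviour. A matching `$SAFE = 4` case for `initialize` would close the gap on the SecurityError side.

```ruby
  def test_initialize_frozen
    r = Random.new(0)
    r.freeze
    assert_raise(RuntimeError, '[Bug #6540]') do
      r.__send__(:initialize, 1)
    end
    assert_raise(RuntimeError, '[Bug #6540]') do
      r.__send__(:initialize)
    end
  end
```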