diff options
| author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-05-14 11:13:40 +0000 |
|---|---|---|
| committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-05-14 11:13:40 +0000 |
| commit | 19f0852363d26f44307e40d0c447f7527b4c36d8 (patch) | |
| tree | 710578840c63986a5ed389ee4190f057a5c601c1 | |
| parent | 25e5b66798e1b11afd5aad6560c9136677090c52 (diff) | |
merge revision(s) 40728:
* ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when
$SAFE > 0.
* ext/fiddle/function.c (function_call): check tainted when $SAFE > 0.
* test/fiddle/test_func.rb (module Fiddle): add test for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@40729 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | ext/dl/lib/dl/func.rb | 3 | ||||
| -rw-r--r-- | ext/fiddle/function.c | 9 | ||||
| -rw-r--r-- | test/fiddle/test_func.rb | 10 | ||||
| -rw-r--r-- | version.h | 6 |
5 files changed, 33 insertions, 3 deletions
@@ -1,3 +1,11 @@ +Tue May 14 20:11:00 2013 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> + + * ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when + $SAFE > 0. + * ext/fiddle/function.c (function_call): check tainted when $SAFE > 0. + * test/fiddle/test_func.rb (module Fiddle): add test for above. + + Sun May 12 22:42:25 2013 KOSAKI Motohiro <kosaki.motohiro@gmail.com> * signal.c (rb_f_kill): fixes typo. s/HAS_KILLPG/HAVE_KILLPG/. diff --git a/ext/dl/lib/dl/func.rb b/ext/dl/lib/dl/func.rb index a2e503835f..543711f651 100644 --- a/ext/dl/lib/dl/func.rb +++ b/ext/dl/lib/dl/func.rb @@ -92,6 +92,9 @@ module DL super else funcs = [] + if $SAFE >= 1 && args.any? { |x| x.tainted? } + raise SecurityError, "tainted parameter not allowed" + end _args = wrap_args(args, @stack.types, funcs, &block) r = @cfunc.call(@stack.pack(_args)) funcs.each{|f| f.unbind_at_call()} diff --git a/ext/fiddle/function.c b/ext/fiddle/function.c index c184c78663..eecd755f1f 100644 --- a/ext/fiddle/function.c +++ b/ext/fiddle/function.c @@ -126,6 +126,15 @@ function_call(int argc, VALUE argv[], VALUE self) TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif); + if (rb_safe_level() >= 1) { + for (i = 0; i < argc; i++) { + VALUE src = argv[i]; + if (OBJ_TAINTED(src)) { + rb_raise(rb_eSecurityError, "tainted parameter not allowed"); + } + } + } + values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *)); generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic)); diff --git a/test/fiddle/test_func.rb b/test/fiddle/test_func.rb index e77229b7e8..92bcd8ed25 100644 --- a/test/fiddle/test_func.rb +++ b/test/fiddle/test_func.rb @@ -7,6 +7,16 @@ module Fiddle assert_nil f.call(10) end + def test_syscall_with_tainted_string + f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT) + assert_raises(SecurityError) do + Thread.new { + $SAFE = 1 + f.call("uname -rs".taint) + }.join + end + end + def test_sinf begin f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT) @@ -1,10 +1,10 @@ #define RUBY_VERSION "2.0.0" -#define RUBY_RELEASE_DATE "2013-05-12" -#define RUBY_PATCHLEVEL 193 +#define RUBY_RELEASE_DATE "2013-05-14" +#define RUBY_PATCHLEVEL 194 #define RUBY_RELEASE_YEAR 2013 #define RUBY_RELEASE_MONTH 5 -#define RUBY_RELEASE_DAY 12 +#define RUBY_RELEASE_DAY 14 #include "ruby/version.h" |