diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 1998-07-17 00:53:50 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 1998-07-17 00:53:50 +0000 |
commit | 20e305950e9fb53e1b1cb338f9b04b1be43fd7bb (patch) | |
tree | 754daef2510303834280c46b75777f650766e540 | |
parent | c30c3bffe472ee999fc722f63dd1c1984db1d1ce (diff) |
substr() taint
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/v1_1r@269 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | lib/cgi-lib.rb | 6 | ||||
-rw-r--r-- | string.c | 28 |
3 files changed, 24 insertions, 17 deletions
@@ -1,3 +1,10 @@ +Thu Jul 16 22:58:48 1998 Yukihiro Matsumoto <matz@netlab.co.jp> + + * string.c (scan_once): substrings to the block should not be + tainted. use reg_nth_match(), not str_substr(). + + * string.c (str_substr): needed to transfer taint. + Wed Jul 15 15:11:57 1998 Yukihiro Matsumoto <matz@netlab.co.jp> * experimental release 1.1b9_31. diff --git a/lib/cgi-lib.rb b/lib/cgi-lib.rb index c6c1caa98b..7033f0f8c1 100644 --- a/lib/cgi-lib.rb +++ b/lib/cgi-lib.rb @@ -53,18 +53,16 @@ class CGI < SimpleDelegator when "GET" # exception messages should be printed to stdout. STDERR.reopen(STDOUT) - ENV['QUERY_STRING'] or "" when "POST" # exception messages should be printed to stdout. STDERR.reopen(STDOUT) - - input.read ENV['CONTENT_LENGTH'].to_i + input.read Integer(ENV['CONTENT_LENGTH']) else read_from_cmdline end.split(/&/).each do |x| key, val = x.split(/=/,2).collect{|x|unescape(x)} - if @inputs.include?('key') + if @inputs.include?(key) @inputs[key] += "\0" + (val or "") else @inputs[key] = (val or "") @@ -287,6 +287,8 @@ str_substr(str, start, len) VALUE str; int start, len; { + VALUE str2; + if (start < 0) { start = RSTRING(str)->len + start; } @@ -297,7 +299,10 @@ str_substr(str, start, len) len = RSTRING(str)->len - start; } - return str_new(RSTRING(str)->ptr+start, len); + str2 = str_new(RSTRING(str)->ptr+start, len); + if (str_tainted(str)) str_taint(str2); + + return str2; } static VALUE @@ -972,7 +977,7 @@ str_sub_iter_s(str, pat, once) VALUE pat; int once; { - VALUE val, result; + VALUE val, match, result; int beg, offset, n; struct re_registers *regs; @@ -998,10 +1003,11 @@ str_sub_iter_s(str, pat, once) while ((beg=reg_search(pat, str, offset, 0)) >= 0) { n++; - regs = RMATCH(backref_get())->regs; + match = backref_get(); + regs = RMATCH(match)->regs; str_cat(result, RSTRING(str)->ptr+offset, beg-offset); - val = obj_as_string(rb_yield(reg_nth_match(0, backref_get()))); + val = obj_as_string(rb_yield(reg_nth_match(0, match))); str_cat(result, RSTRING(val)->ptr, RSTRING(val)->len); if (BEG(0) == END(0)) { @@ -2391,12 +2397,13 @@ scan_once(str, pat, start) VALUE str, pat; int *start; { - VALUE result; + VALUE result, match; struct re_registers *regs; int i; if (reg_search(pat, str, *start, 0) >= 0) { - regs = RMATCH(backref_get())->regs; + match = backref_get(); + regs = RMATCH(match)->regs; if (END(0) == *start) { *start = END(0)+1; } @@ -2404,16 +2411,11 @@ scan_once(str, pat, start) *start = END(0); } if (regs->num_regs == 1) { - return str_substr(str, BEG(0), END(0)-BEG(0)); + return reg_nth_match(0, match); } result = ary_new2(regs->num_regs); for (i=1; i < regs->num_regs; i++) { - if (BEG(i) == -1) { - ary_push(result, Qnil); - } - else { - ary_push(result, str_substr(str, BEG(i), END(i)-BEG(i))); - } + ary_push(result, reg_nth_match(i, match)); } return result; |