diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-17 15:09:24 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-17 15:09:24 +0000 |
commit | b18c513e24dad5f464701a4ad49ac699f435bbbe (patch) | |
tree | 0d8e0504f170a8ed9a1d12ec2d647a5034f9e8c7 | |
parent | f5767da6d7815bd14b1bf31a1abbd095adebd73f (diff) |
merge revision(s) 65125:
infect taint flag on Array#pack and String#unpack
with the directives "B", "b", "H" and "h".
* pack.c (pack_pack, pack_unpack_internal): infect taint flag.
* test/ruby/test_pack.rb: add test for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@65130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | pack.c | 7 | ||||
-rw-r--r-- | test/ruby/test_pack.rb | 16 | ||||
-rw-r--r-- | version.h | 6 |
3 files changed, 26 insertions, 3 deletions
@@ -751,6 +751,7 @@ pack_pack(VALUE ary, VALUE fmt) StringValue(from); ptr = RSTRING_PTR(from); plen = RSTRING_LEN(from); + OBJ_INFECT(res, from); if (len == 0 && type == 'm') { encodes(res, ptr, plen, type, 0); @@ -778,6 +779,7 @@ pack_pack(VALUE ary, VALUE fmt) case 'M': /* quoted-printable encoded string */ from = rb_obj_as_string(NEXTFROM); + OBJ_INFECT(res, from); if (len <= 1) len = 72; qpencode(res, from, len); @@ -803,6 +805,7 @@ pack_pack(VALUE ary, VALUE fmt) } else { t = StringValuePtr(from); + OBJ_INFECT(res, from); rb_obj_taint(from); } if (!associates) { @@ -1292,6 +1295,7 @@ pack_unpack(VALUE str, VALUE fmt) len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 7) bits >>= 1; @@ -1313,6 +1317,7 @@ pack_unpack(VALUE str, VALUE fmt) len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 7) bits <<= 1; @@ -1334,6 +1339,7 @@ pack_unpack(VALUE str, VALUE fmt) len = (send - s) * 2; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 1) @@ -1357,6 +1363,7 @@ pack_unpack(VALUE str, VALUE fmt) len = (send - s) * 2; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 1) diff --git a/test/ruby/test_pack.rb b/test/ruby/test_pack.rb index b59faec9f3..76843b2eae 100644 --- a/test/ruby/test_pack.rb +++ b/test/ruby/test_pack.rb @@ -829,4 +829,20 @@ EXPECTED ret = []; "A".unpack("B*") {|v| ret << v } assert_equal ["01000001"], ret end + + def test_pack_infection + tainted_array_string = ["123456"] + tainted_array_string.first.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f| + assert_predicate(tainted_array_string.pack(f), :tainted?) + end + end + + def test_unpack_infection + tainted_string = "123456" + tainted_string.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f| + assert_predicate(tainted_string.unpack(f).first, :tainted?) + end + end end @@ -1,10 +1,10 @@ #define RUBY_VERSION "2.3.7" -#define RUBY_RELEASE_DATE "2018-10-17" -#define RUBY_PATCHLEVEL 457 +#define RUBY_RELEASE_DATE "2018-10-18" +#define RUBY_PATCHLEVEL 458 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 10 -#define RUBY_RELEASE_DAY 17 +#define RUBY_RELEASE_DAY 18 #include "ruby/version.h" |