diff options
author | wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-24 18:39:36 +0000 |
---|---|---|
committer | wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-24 18:39:36 +0000 |
commit | 91b056e10d2e3c6ba5f3c684273859512c2391d9 (patch) | |
tree | 9d1d69a26d6bd3797e24cf18d062166e9d18b139 | |
parent | 646a31fb9adc3ca2d3a62db3ec511df22f5c7294 (diff) |
Backport #484 [ruby-core:18377]; Make OpenSSL::Config freeze correctly, preventing further config changes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@28002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | ext/openssl/ossl_config.c | 10 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 19 insertions, 3 deletions
@@ -1,9 +1,15 @@ +Mon May 24 06:26:00 2010 Kirk haines <khaines@ruby-lang.org> + + * ext/openssl/ossl_config.c: Backport #484 [ruby-core:18377]; OpenSSL::Config now freezes correctly, preventing further modification. + +Mon May 24 05:25:00 2010 Kirk haines <khaines@ruby-lang.org> + + * lib/fileutils.rb: Backport #1700 [ruby-core:24078]; stringify group argument in #fu_get_gid before making regexp match. r28001 + Mon May 24 05:15:00 2010 Kirk Haines <khaines@ruby-lang.org> * configure.in: Bug #2553 [ruby-core:27380]; Add a --disable-ucontext option, for use with --enable-pthreads, to avoid performance loss from --enable-pthreads and the oodles of sigprocmask calls that normally brings. r27999 - * lib/fileutils.rb: Backport #1700 [ruby-core:24078]; stringify group argument in #fu_get_gid before making regexp match. - Thu May 20 04:10:00 2010 Kirk Haines <khaines@ruby-lang.org> * lib/cgi.rb: Backport #229 [ruby-core:17634]; CGI::Cookie objects can get out of sync when CGI::Cookie#value= is used to assign a new value. Also, if a nil value ends up in the array of values for the cookie, CGI::Cookie#to_s would blow up on a gsub error when it tried to CGI::escape the nil value. This is fixed so that nils are treated as empty strings. r27932 diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index f1d6a98253..84e163ae3b 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -158,6 +158,14 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self) return self; } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + static VALUE ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) { @@ -167,6 +175,7 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) CONF *conf; CONF_VALUE *sv, *cv; + rb_ossl_config_modify_check(self); StringValue(section); StringValue(name); StringValue(value); @@ -247,6 +256,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash) { VALUE arg[2]; + rb_ossl_config_modify_check(self); arg[0] = self; arg[1] = section; rb_iterate(rb_each, hash, set_conf_section_i, (VALUE)arg); @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2010-05-25" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20100525 -#define RUBY_PATCHLEVEL 400 +#define RUBY_PATCHLEVEL 401 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 |