diff options
author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-09-11 10:56:54 +0000 |
---|---|---|
committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-09-11 10:56:54 +0000 |
commit | 921aed777864970c7408a0d335c4fd44565f6457 (patch) | |
tree | f2ab0058d8538ec32181ba4adf719a388258cbd2 | |
parent | 05c2cc90895750255f64254f2491ff0ad77cc13a (diff) |
merges r33201 from trunk into ruby_1_9_3.
--
* encoding.c (load_encoding): predefined encoding names are safe.
[ruby-dev:44469] [Bug #5279]
* transcode.c (load_transcoder_entry): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33249 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | encoding.c | 1 | ||||
-rw-r--r-- | test/ruby/test_encoding.rb | 5 | ||||
-rw-r--r-- | transcode.c | 6 |
4 files changed, 18 insertions, 1 deletions
@@ -1,3 +1,10 @@ +Tue Sep 6 13:15:44 2011 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * encoding.c (load_encoding): predefined encoding names are safe. + [ruby-dev:44469] [Bug #5279] + + * transcode.c (load_transcoder_entry): ditto. + Fri Sep 9 16:02:04 2011 NARUSE, Yui <naruse@ruby-lang.org> * insns.def (concatstrings): don't use initial ASCII-8BIT string. diff --git a/encoding.c b/encoding.c index 0b6bf96bc5..629fa04ee5 100644 --- a/encoding.c +++ b/encoding.c @@ -554,6 +554,7 @@ load_encoding(const char *name) else if (ISUPPER(*s)) *s = TOLOWER(*s); ++s; } + FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED); OBJ_FREEZE(enclib); ruby_verbose = Qfalse; ruby_debug = Qfalse; diff --git a/test/ruby/test_encoding.rb b/test/ruby/test_encoding.rb index 1ed7252458..eaad03d302 100644 --- a/test/ruby/test_encoding.rb +++ b/test/ruby/test_encoding.rb @@ -96,4 +96,9 @@ class TestEncoding < Test::Unit::TestCase str2 = Marshal.load(Marshal.dump(str2)) assert_equal(str, str2, '[ruby-dev:38596]') end + + def test_unsafe + bug5279 = '[ruby-dev:44469]' + assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279) + end end diff --git a/transcode.c b/transcode.c index 5f7f856a33..ea6439d573 100644 --- a/transcode.c +++ b/transcode.c @@ -368,6 +368,7 @@ load_transcoder_entry(transcoder_entry_t *entry) const char *lib = entry->lib; size_t len = strlen(lib); char path[sizeof(transcoder_lib_prefix) + MAX_TRANSCODER_LIBNAME_LEN]; + VALUE fn; entry->lib = NULL; @@ -375,7 +376,10 @@ load_transcoder_entry(transcoder_entry_t *entry) return NULL; memcpy(path, transcoder_lib_prefix, sizeof(transcoder_lib_prefix) - 1); memcpy(path + sizeof(transcoder_lib_prefix) - 1, lib, len + 1); - if (!rb_require(path)) + fn = rb_str_new2(path); + FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED); + OBJ_FREEZE(fn); + if (!rb_require_safe(fn, rb_safe_level())) return NULL; } |