diff options
| author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-06-30 13:06:35 +0000 |
|---|---|---|
| committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-06-30 13:06:35 +0000 |
| commit | 440a6b5d1cc7c49e364d5803993d55596bc4530b (patch) | |
| tree | 6d166ae6e7c67e2f183b57ec45449355cc57fdb6 | |
| parent | 2d5c52f99a87e2aa3a57a19e31da3a53349c1ad1 (diff) | |
merge revision(s) 60596,60599: [Backport #14060]
file.c: infect from arguments
* file.c (rb_check_realpath_internal): infetct the result with
arguments, no taint if none are tainted and cwd is not used.
[ruby-core:83583] [Bug #14060]
file.c: infect from arguments
* file.c (rb_check_realpath_internal): infetct the result with
arguments, no taint if none are tainted and cwd is not used.
[ruby-core:83583] [Bug #14060]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@63807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | file.c | 2 | ||||
| -rw-r--r-- | test/ruby/test_file.rb | 17 | ||||
| -rw-r--r-- | version.h | 2 |
3 files changed, 19 insertions, 2 deletions
@@ -3979,7 +3979,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode if (origenc != enc && rb_enc_str_asciionly_p(resolved)) rb_enc_associate(resolved, origenc); - OBJ_TAINT(resolved); + OBJ_INFECT(resolved, unresolved_path); return resolved; } diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb index d0d6a0ebe2..215d579cc5 100644 --- a/test/ruby/test_file.rb +++ b/test/ruby/test_file.rb @@ -292,6 +292,23 @@ class TestFile < Test::Unit::TestCase end end + def test_realpath_taintedness + Dir.mktmpdir('rubytest-realpath') {|tmpdir| + realdir = File.realpath(tmpdir) + assert_predicate(realdir, :tainted?) + dir, base = File.split(realdir) + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + assert_predicate(File.realpath(base, dir), :tainted?) + base.taint + dir.untaint + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + assert_not_predicate(File.realpath(base, dir), :tainted?) + assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?) + } + end + def test_realdirpath Dir.mktmpdir('rubytest-realdirpath') {|tmpdir| realdir = File.realpath(tmpdir) @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.4.5" #define RUBY_RELEASE_DATE "2018-06-30" -#define RUBY_PATCHLEVEL 302 +#define RUBY_PATCHLEVEL 303 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 6 |