summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-10-17 15:08:59 +0000
committerusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-10-17 15:08:59 +0000
commite68968288f45a5de3d1273fc30383fb67aed4fc7 (patch)
treec6b0993606241f3eba6608c05a7686183b618fae
parentfbf633c3723368470cf7adf79e703b06c3ed4a0c (diff)
merge revision(s) 65125:
infect taint flag on Array#pack and String#unpack with the directives "B", "b", "H" and "h". * pack.c (pack_pack, pack_unpack_internal): infect taint flag. * test/ruby/test_pack.rb: add test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@65129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--pack.c7
-rw-r--r--test/ruby/test_pack.rb16
-rw-r--r--version.h6
3 files changed, 26 insertions, 3 deletions
diff --git a/pack.c b/pack.c
index 577deb5a82..46689d0035 100644
--- a/pack.c
+++ b/pack.c
@@ -761,6 +761,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
StringValue(from);
ptr = RSTRING_PTR(from);
plen = RSTRING_LEN(from);
+ OBJ_INFECT(res, from);
if (len == 0 && type == 'm') {
encodes(res, ptr, plen, type, 0);
@@ -788,6 +789,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
case 'M': /* quoted-printable encoded string */
from = rb_obj_as_string(NEXTFROM);
+ OBJ_INFECT(res, from);
if (len <= 1)
len = 72;
qpencode(res, from, len);
@@ -813,6 +815,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
}
else {
t = StringValuePtr(from);
+ OBJ_INFECT(res, from);
rb_obj_taint(from);
}
if (!associates) {
@@ -1195,6 +1198,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 8;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 7) bits >>= 1;
@@ -1216,6 +1220,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 8;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 7) bits <<= 1;
@@ -1237,6 +1242,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 2;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 1)
@@ -1260,6 +1266,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 2;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 1)
diff --git a/test/ruby/test_pack.rb b/test/ruby/test_pack.rb
index ce2682ee59..3d3415eee4 100644
--- a/test/ruby/test_pack.rb
+++ b/test/ruby/test_pack.rb
@@ -860,4 +860,20 @@ EXPECTED
assert_equal "hogefuga", "aG9nZWZ1Z2E=".unpack1("m")
assert_equal "01000001", "A".unpack1("B*")
end
+
+ def test_pack_infection
+ tainted_array_string = ["123456"]
+ tainted_array_string.first.taint
+ ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f|
+ assert_predicate(tainted_array_string.pack(f), :tainted?)
+ end
+ end
+
+ def test_unpack_infection
+ tainted_string = "123456"
+ tainted_string.taint
+ ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f|
+ assert_predicate(tainted_string.unpack(f).first, :tainted?)
+ end
+ end
end
diff --git a/version.h b/version.h
index bf599c14f7..a4fddd5a95 100644
--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@
#define RUBY_VERSION "2.4.5"
-#define RUBY_RELEASE_DATE "2018-10-17"
-#define RUBY_PATCHLEVEL 333
+#define RUBY_RELEASE_DATE "2018-10-18"
+#define RUBY_PATCHLEVEL 334
#define RUBY_RELEASE_YEAR 2018
#define RUBY_RELEASE_MONTH 10
-#define RUBY_RELEASE_DAY 17
+#define RUBY_RELEASE_DAY 18
#include "ruby/version.h"