summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>1998-07-17 00:53:50 +0000
committermatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>1998-07-17 00:53:50 +0000
commit20e305950e9fb53e1b1cb338f9b04b1be43fd7bb (patch)
tree754daef2510303834280c46b75777f650766e540
parentc30c3bffe472ee999fc722f63dd1c1984db1d1ce (diff)
substr() taint
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/v1_1r@269 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog7
-rw-r--r--lib/cgi-lib.rb6
-rw-r--r--string.c28
3 files changed, 24 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 731f1934dd2..859005b66f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Thu Jul 16 22:58:48 1998 Yukihiro Matsumoto <matz@netlab.co.jp>
+
+ * string.c (scan_once): substrings to the block should not be
+ tainted. use reg_nth_match(), not str_substr().
+
+ * string.c (str_substr): needed to transfer taint.
+
Wed Jul 15 15:11:57 1998 Yukihiro Matsumoto <matz@netlab.co.jp>
* experimental release 1.1b9_31.
diff --git a/lib/cgi-lib.rb b/lib/cgi-lib.rb
index c6c1caa98bb..7033f0f8c12 100644
--- a/lib/cgi-lib.rb
+++ b/lib/cgi-lib.rb
@@ -53,18 +53,16 @@ class CGI < SimpleDelegator
when "GET"
# exception messages should be printed to stdout.
STDERR.reopen(STDOUT)
-
ENV['QUERY_STRING'] or ""
when "POST"
# exception messages should be printed to stdout.
STDERR.reopen(STDOUT)
-
- input.read ENV['CONTENT_LENGTH'].to_i
+ input.read Integer(ENV['CONTENT_LENGTH'])
else
read_from_cmdline
end.split(/&/).each do |x|
key, val = x.split(/=/,2).collect{|x|unescape(x)}
- if @inputs.include?('key')
+ if @inputs.include?(key)
@inputs[key] += "\0" + (val or "")
else
@inputs[key] = (val or "")
diff --git a/string.c b/string.c
index 16bf6fd6b68..7f5bf6ae729 100644
--- a/string.c
+++ b/string.c
@@ -287,6 +287,8 @@ str_substr(str, start, len)
VALUE str;
int start, len;
{
+ VALUE str2;
+
if (start < 0) {
start = RSTRING(str)->len + start;
}
@@ -297,7 +299,10 @@ str_substr(str, start, len)
len = RSTRING(str)->len - start;
}
- return str_new(RSTRING(str)->ptr+start, len);
+ str2 = str_new(RSTRING(str)->ptr+start, len);
+ if (str_tainted(str)) str_taint(str2);
+
+ return str2;
}
static VALUE
@@ -972,7 +977,7 @@ str_sub_iter_s(str, pat, once)
VALUE pat;
int once;
{
- VALUE val, result;
+ VALUE val, match, result;
int beg, offset, n;
struct re_registers *regs;
@@ -998,10 +1003,11 @@ str_sub_iter_s(str, pat, once)
while ((beg=reg_search(pat, str, offset, 0)) >= 0) {
n++;
- regs = RMATCH(backref_get())->regs;
+ match = backref_get();
+ regs = RMATCH(match)->regs;
str_cat(result, RSTRING(str)->ptr+offset, beg-offset);
- val = obj_as_string(rb_yield(reg_nth_match(0, backref_get())));
+ val = obj_as_string(rb_yield(reg_nth_match(0, match)));
str_cat(result, RSTRING(val)->ptr, RSTRING(val)->len);
if (BEG(0) == END(0)) {
@@ -2391,12 +2397,13 @@ scan_once(str, pat, start)
VALUE str, pat;
int *start;
{
- VALUE result;
+ VALUE result, match;
struct re_registers *regs;
int i;
if (reg_search(pat, str, *start, 0) >= 0) {
- regs = RMATCH(backref_get())->regs;
+ match = backref_get();
+ regs = RMATCH(match)->regs;
if (END(0) == *start) {
*start = END(0)+1;
}
@@ -2404,16 +2411,11 @@ scan_once(str, pat, start)
*start = END(0);
}
if (regs->num_regs == 1) {
- return str_substr(str, BEG(0), END(0)-BEG(0));
+ return reg_nth_match(0, match);
}
result = ary_new2(regs->num_regs);
for (i=1; i < regs->num_regs; i++) {
- if (BEG(i) == -1) {
- ary_push(result, Qnil);
- }
- else {
- ary_push(result, str_substr(str, BEG(i), END(i)-BEG(i)));
- }
+ ary_push(result, reg_nth_match(i, match));
}
return result;