authorshyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-11-18 05:20:22 +0000
committershyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-11-18 05:20:22 +0000
commit5b3f05ab6a7b779c62eb6238ed076094c93c4092 (patch)
tree6a4d33eda38cc6ab184541ebe907b5f68fc74301
parent4a965795f857b24e1ab0800f6dbe9af8a5fa425d (diff)
merge revision(s) 25069:
* ext/openssl/ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untainted for $SECURE >= 4) [ruby-core:18377] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@25839 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog6
-rw-r--r--ext/openssl/ossl_config.c10
-rw-r--r--version.h2
3 files changed, 17 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 78822c9bec..2306f4290b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Wed Nov 18 14:14:38 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca>
+
+ * ext/openssl/ossl_config.c (ossl_config_add_value_m,
+ ossl_config_set_section): Check if frozen (or untainted for $SECURE >=
+ 4) [ruby-core:18377]
+
Wed Nov 18 14:13:14 2009 NAKAMURA Usaku <usa@ruby-lang.org>
* instruby.rb: win32/win32.h exists in srcdir.
diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c
index cc8e324029..10c865e9bb 100644
--- a/ext/openssl/ossl_config.c
+++ b/ext/openssl/ossl_config.c
@@ -158,6 +158,14 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self)
return self;
}
+static void
+rb_ossl_config_modify_check(VALUE config)
+{
+ if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config");
+ if (!OBJ_TAINTED(config) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config");
+}
+
static VALUE
ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
{
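Review bot: The new static helper `rb_ossl_config_modify_check` has no comment and uses the `rb_` prefix that Ruby core reserves for its own API, while every other function visible in this file is named `ossl_config_*`. Renaming it to `ossl_config_modify_check` would keep the extension's file-local helpers in one namespace. A one-line comment above it, such as `/* Raise if config is frozen, or untainted while rb_safe_level() >= 4; call before any mutation. */`, would tell whoever adds the next mutator that this guard is required.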
@@ -167,6 +175,7 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
CONF *conf;
CONF_VALUE *sv, *cv;
+ rb_ossl_config_modify_check(self);
StringValue(section);
StringValue(name);
StringValue(value);
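Review bot: In `ossl_config_add_value` the guard runs before the three `StringValue()` calls, and those conversions can invoke a user-defined `to_str`, so the object could be frozen after the check has passed and still be modified. Placing `rb_ossl_config_modify_check(self);` directly after `StringValue(value);` makes the check the last step before the CONF is touched. The same ordering appears in `ossl_config_set_section`, where the check precedes `rb_block_call(hash, rb_intern("each"), ...)`; that is probably covered if `set_conf_section_i` goes through `ossl_config_add_value`, but the callback is not visible here. The body of `ossl_config_add_value` continues past the hunk.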
@@ -247,6 +256,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash)
{
VALUE arg[2];
+ rb_ossl_config_modify_check(self);
arg[0] = self;
arg[1] = section;
rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg);
diff --git a/version.h b/version.h
index 58bb8a229d..b74e935fda 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
#define RUBY_RELEASE_DATE "2009-11-18"
#define RUBY_VERSION_CODE 187
#define RUBY_RELEASE_CODE 20091118
-#define RUBY_PATCHLEVEL 211
+#define RUBY_PATCHLEVEL 212
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8