* dir.c (dir_close): should not close untainted dir stream.

* dir.c (GetDIR): add tainted/frozen check for each dir operation.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10157 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 17 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 3e1d4688ce..48b4f78a85 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@ Tue May 16 09:20:16 2006  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* re.c (rb_memcmp): type change from char* to const void*.
 
+	* dir.c (dir_close): should not close untainted dir stream.
+
+	* dir.c (GetDIR): add tainted/frozen check for each dir operation.
+
 Mon May 15 17:42:39 2006  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* lib/rdoc/parsers/parse_rb.rb (RDoc::RubyParser::parse_symbol_arg):
diff --git a/dir.c b/dir.c
index 22f68913d4..83feef93f3 100644
--- a/dir.c
+++ b/dir.c
@@ -325,7 +325,17 @@ dir_closed()
     rb_raise(rb_eIOError, "closed directory");
 }
 
+static void
+dir_check(dir)
+    VALUE dir;
+{
+    if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
+	rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
+    rb_check_frozen(dir);
+}
+
 #define GetDIR(obj, dirp) do {\
+    dir_check(dir);\
     Data_Get_Struct(obj, struct dir_data, dirp);\
     if (dirp->dir == NULL) dir_closed();\
 } while (0)
@@ -536,6 +546,9 @@ dir_close(dir)
 {
     struct dir_data *dirp;
 
+    if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
+	rb_raise(rb_eSecurityError, "Insecure: can't close");
+    }
     GetDIR(dir, dirp);
     closedir(dirp->dir);
     dirp->dir = NULL;