diff options
| author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-07-12 02:44:27 +0000 |
|---|---|---|
| committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-07-12 02:44:27 +0000 |
| commit | d7444332257a6fb255300ee938a20dfa64cccf32 (patch) | |
| tree | 1e5d3ffdfdf32714f1fd21085eda79c0a2aa5799 | |
| parent | 8cc3fef898e7e2edf2554c153318f6cc483a01f2 (diff) | |
rb_str_new_frozen: new object if tainted/untrusted unmatch
* string.c (rb_str_new_frozen): since the result object should have
same tainted/untrusted bits with the original object, return new
object if the shared object unmatch. [ruby-core:39745][Bug #5374]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36373 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | string.c | 2 | ||||
| -rw-r--r-- | test/ruby/test_file.rb | 10 |
3 files changed, 17 insertions, 1 deletions
@@ -1,3 +1,9 @@ +Thu Jul 12 11:44:23 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * string.c (rb_str_new_frozen): since the result object should have + same tainted/untrusted bits with the original object, return new + object if the shared object unmatch. [ruby-core:39745][Bug #5374] + Thu Jul 12 10:46:39 2012 NAKAMURA Usaku <usa@ruby-lang.org> * test/net/http/test_http.rb (TestNetHTTPLocalBind#test_bind_to_local*): @@ -681,7 +681,7 @@ rb_str_new_frozen(VALUE orig) assert(OBJ_FROZEN(str)); ofs = RSTRING_LEN(str) - RSTRING_LEN(orig); if ((ofs > 0) || (klass != RBASIC(str)->klass) || - (!OBJ_TAINTED(str) && OBJ_TAINTED(orig)) || + ((RBASIC(str)->flags ^ RBASIC(orig)->flags) & (FL_TAINT|FL_UNTRUSTED)) || ENCODING_GET(str) != ENCODING_GET(orig)) { str = str_new3(klass, str); RSTRING(str)->as.heap.ptr += ofs; diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb index b0a6971e69..45c6efbd74 100644 --- a/test/ruby/test_file.rb +++ b/test/ruby/test_file.rb @@ -316,6 +316,16 @@ class TestFile < Test::Unit::TestCase end end + def test_untainted_path + bug5374 = '[ruby-core:39745]' + cwd = ("./"*40+".".taint).dup.untaint + in_safe = proc {|safe| $SAFE = safe; File.stat(cwd)} + assert_not_send([cwd, :tainted?]) + (0..1).each do |level| + assert_nothing_raised(SecurityError, bug5374) {in_safe[level]} + end + end + if /(bcc|ms|cyg)win|mingw|emx/ =~ RUBY_PLATFORM def test_long_unc feature3399 = '[ruby-core:30623]' |