summaryrefslogtreecommitdiff
path: root/ext/fiddle
diff options
context:
space:
mode:
authornagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-12-16 12:08:49 (GMT)
committernagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-12-16 12:08:49 (GMT)
commit79c7a51893e1c8b95d98728feb7c75bc31671ed8 (patch)
tree97a2de4140f10c60d5b748c38e2ad3b060330b3a /ext/fiddle
parented57f299b243842e4e874189771d93340aaadddc (diff)
* ext/fiddle/handle.c: check tainted string arguments.
Patch provided by tenderlove and nobu. * test/fiddle/test_handle.rb (class TestHandle): add test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53153 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/fiddle')
-rw-r--r--ext/fiddle/handle.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/ext/fiddle/handle.c b/ext/fiddle/handle.c
index 4104421..e727ccf 100644
--- a/ext/fiddle/handle.c
+++ b/ext/fiddle/handle.c
@@ -1,6 +1,8 @@
#include <ruby.h>
#include <fiddle.h>
+#define SafeStringValueCStr(v) (rb_check_safe_obj(rb_string_value(&v)), StringValueCStr(v))
+
VALUE rb_cHandle;
struct dl_handle {
@@ -143,11 +145,11 @@ rb_fiddle_handle_initialize(int argc, VALUE argv[], VALUE self)
cflag = RTLD_LAZY | RTLD_GLOBAL;
break;
case 1:
- clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+ clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
cflag = RTLD_LAZY | RTLD_GLOBAL;
break;
case 2:
- clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+ clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
cflag = NUM2INT(flag);
break;
default:
@@ -262,7 +264,7 @@ rb_fiddle_handle_to_i(VALUE self)
return PTR2NUM(fiddle_handle);
}
-static VALUE fiddle_handle_sym(void *handle, const char *symbol);
+static VALUE fiddle_handle_sym(void *handle, VALUE symbol);
/*
* Document-method: sym
@@ -281,7 +283,7 @@ rb_fiddle_handle_sym(VALUE self, VALUE sym)
rb_raise(rb_eFiddleError, "closed handle");
}
- return fiddle_handle_sym(fiddle_handle->ptr, StringValueCStr(sym));
+ return fiddle_handle_sym(fiddle_handle->ptr, sym);
}
#ifndef RTLD_NEXT
@@ -304,11 +306,11 @@ rb_fiddle_handle_sym(VALUE self, VALUE sym)
static VALUE
rb_fiddle_handle_s_sym(VALUE self, VALUE sym)
{
- return fiddle_handle_sym(RTLD_NEXT, StringValueCStr(sym));
+ return fiddle_handle_sym(RTLD_NEXT, sym);
}
static VALUE
-fiddle_handle_sym(void *handle, const char *name)
+fiddle_handle_sym(void *handle, VALUE symbol)
{
#if defined(HAVE_DLERROR)
const char *err;
@@ -317,6 +319,7 @@ fiddle_handle_sym(void *handle, const char *name)
# define CHECK_DLERROR
#endif
void (*func)();
+ const char *name = SafeStringValueCStr(symbol);
#ifdef HAVE_DLERROR
dlerror();
@@ -365,7 +368,7 @@ fiddle_handle_sym(void *handle, const char *name)
}
#endif
if( !func ){
- rb_raise(rb_eFiddleError, "unknown symbol \"%s\"", name);
+ rb_raise(rb_eFiddleError, "unknown symbol \"%"PRIsVALUE"\"", symbol);
}
return PTR2NUM(func);