diff options
| author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-30 04:43:55 +0000 |
|---|---|---|
| committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-30 04:43:55 +0000 |
| commit | dc70f82c34711105a6314a3821a06c3bd2090ccd (patch) | |
| tree | 4b3fd1476e26665383b6ff5d8e15e97d0ef08505 /ext | |
| parent | 86692258b0d9e6800a331d3a24005bf933cdebb0 (diff) | |
merges r31317 from trunk into ruby_1_9_2.
--
* ext/psych/parser.c (parse): strings from psych have proper taint
markings.
* test/psych/test_tainted.rb: test for string taint
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/psych/parser.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ext/psych/parser.c b/ext/psych/parser.c index ca2946e200..8841766067 100644 --- a/ext/psych/parser.c +++ b/ext/psych/parser.c @@ -53,6 +53,7 @@ static VALUE parse(VALUE self, VALUE yaml) yaml_parser_t parser; yaml_event_t event; int done = 0; + int tainted = 0; #ifdef HAVE_RUBY_ENCODING_H int encoding = rb_enc_find_index("ASCII-8BIT"); rb_encoding * internal_enc; @@ -62,8 +63,11 @@ static VALUE parse(VALUE self, VALUE yaml) yaml_parser_initialize(&parser); + if (OBJ_TAINTED(yaml)) tainted = 1; + if(rb_respond_to(yaml, id_read)) { yaml_parser_set_input(&parser, io_reader, (void *)yaml); + if (RTEST(rb_obj_is_kind_of(yaml, rb_cIO))) tainted = 1; } else { StringValue(yaml); yaml_parser_set_input_string( @@ -131,6 +135,7 @@ static VALUE parse(VALUE self, VALUE yaml) VALUE prefix = Qnil; if(start->handle) { handle = rb_str_new2((const char *)start->handle); + if (tainted) OBJ_TAINT(handle); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(handle, encoding, internal_enc); #endif @@ -138,6 +143,7 @@ static VALUE parse(VALUE self, VALUE yaml) if(start->prefix) { prefix = rb_str_new2((const char *)start->prefix); + if (tainted) OBJ_TAINT(prefix); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(prefix, encoding, internal_enc); #endif @@ -162,6 +168,7 @@ static VALUE parse(VALUE self, VALUE yaml) VALUE alias = Qnil; if(event.data.alias.anchor) { alias = rb_str_new2((const char *)event.data.alias.anchor); + if (tainted) OBJ_TAINT(alias); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(alias, encoding, internal_enc); #endif @@ -179,6 +186,7 @@ static VALUE parse(VALUE self, VALUE yaml) (const char *)event.data.scalar.value, (long)event.data.scalar.length ); + if (tainted) OBJ_TAINT(val); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(val, encoding, internal_enc); @@ -186,6 +194,7 @@ static VALUE parse(VALUE self, VALUE yaml) if(event.data.scalar.anchor) { anchor = rb_str_new2((const char *)event.data.scalar.anchor); + if (tainted) OBJ_TAINT(anchor); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(anchor, encoding, internal_enc); #endif @@ -193,6 +202,7 @@ static VALUE parse(VALUE self, VALUE yaml) if(event.data.scalar.tag) { tag = rb_str_new2((const char *)event.data.scalar.tag); + if (tainted) OBJ_TAINT(tag); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(tag, encoding, internal_enc); #endif @@ -217,6 +227,7 @@ static VALUE parse(VALUE self, VALUE yaml) VALUE implicit, style; if(event.data.sequence_start.anchor) { anchor = rb_str_new2((const char *)event.data.sequence_start.anchor); + if (tainted) OBJ_TAINT(anchor); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(anchor, encoding, internal_enc); #endif @@ -225,6 +236,7 @@ static VALUE parse(VALUE self, VALUE yaml) tag = Qnil; if(event.data.sequence_start.tag) { tag = rb_str_new2((const char *)event.data.sequence_start.tag); + if (tainted) OBJ_TAINT(tag); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(tag, encoding, internal_enc); #endif @@ -249,6 +261,7 @@ static VALUE parse(VALUE self, VALUE yaml) VALUE implicit, style; if(event.data.mapping_start.anchor) { anchor = rb_str_new2((const char *)event.data.mapping_start.anchor); + if (tainted) OBJ_TAINT(anchor); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(anchor, encoding, internal_enc); #endif @@ -256,6 +269,7 @@ static VALUE parse(VALUE self, VALUE yaml) if(event.data.mapping_start.tag) { tag = rb_str_new2((const char *)event.data.mapping_start.tag); + if (tainted) OBJ_TAINT(tag); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(tag, encoding, internal_enc); #endif |