diff options
author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-05-11 15:07:10 +0000 |
---|---|---|
committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-05-11 15:07:10 +0000 |
commit | 4600cf725a86ce31266153647ae5aa1197b1215b (patch) | |
tree | e3c7bc1fce287ef22b9c1c14a8784263867d96c0 /ext | |
parent | 7269e3de3cee3bbb6ab77fc708f3a10cab00b65e (diff) |
* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen
with a tainted name of library.
Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.
* ext/dl/dl.c (rb_dlhandle_sym): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@23405 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/dl/handle.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ext/dl/handle.c b/ext/dl/handle.c index ee3c644985..d72f725fbb 100644 --- a/ext/dl/handle.c +++ b/ext/dl/handle.c @@ -5,6 +5,8 @@ #include <ruby.h> #include "dl.h" +#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v)) + VALUE rb_cDLHandle; void @@ -56,11 +58,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self) cflag = RTLD_LAZY | RTLD_GLOBAL; break; case 1: - clib = NIL_P(lib) ? NULL : StringValuePtr(lib); + clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib); cflag = RTLD_LAZY | RTLD_GLOBAL; break; case 2: - clib = NIL_P(lib) ? NULL : StringValuePtr(lib); + clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib); cflag = NUM2INT(flag); break; default: @@ -140,7 +142,7 @@ rb_dlhandle_sym(VALUE self, VALUE sym) rb_secure(2); - name = StringValuePtr(sym); + name = SafeStringValuePtr(sym); Data_Get_Struct(self, struct dl_handle, dlhandle); if( ! dlhandle->open ){ |