author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-05-11 15:07:00 +0000 |
---|---|---|
committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-05-11 15:07:00 +0000 |
commit | 7269e3de3cee3bbb6ab77fc708f3a10cab00b65e (patch) | |
tree | 2e53fabc3395503e360f9e96347dae5d679280ed /ext | |
parent | fa0c48186e87e596c5082a6516f74b2158396013 (diff) |
* ext/dl/lib/dl/func.rb (DL::Function#call): prevents
passing tainted arguments to a C function.
Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.
* ext/dl/lib/dl/func.rb (DL::Function#check_safe_obj):
new method for checking #call's arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@23404 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/dl/lib/dl/func.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/dl/lib/dl/func.rb b/ext/dl/lib/dl/func.rb
index b29aebcc8b..a2e6d40fbe 100644
--- a/ext/dl/lib/dl/func.rb
+++ b/ext/dl/lib/dl/func.rb
@@ -25,8 +25,16 @@ module DL
 @cfunc.to_i
 end
+ def check_safe_obj(val)
+ if $SAFE > 0 and val.tainted?
+ raise SecurityError, 'Insecure operation'
+ end
+ end
+
 def call(*args, &block)
 funcs = []
+ args.each{|e| check_safe_obj(e) }
+ check_safe_obj(block)
 args = wrap_args(args, @stack.types, funcs, &block)
 r = @cfunc.call(@stack.pack(args))
 funcs.each{|f| f.unbind_at_call()}
|
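Review bot: `check_safe_obj` tests only the object it is handed, so at the `args.each{|e| check_safe_obj(e) }` line an untainted Array (or other container) holding tainted strings would pass when `$SAFE > 0`; whether `wrap_args` descends into such values is not visible in this hunk. Integer arguments computed from tainted input also get through, since as far as I know taint is not carried onto immediates, and those are the values a C function is most likely to treat as addresses or lengths. I would state the limit above the method, e.g. `# Shallow check: only val itself is tested, not its elements; Integers never carry taint.`, and declare the helper `private` unless something outside the hunk calls it. The class body starts and ends outside the hunk.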