diff options
author | wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-24 18:39:36 +0000 |
---|---|---|
committer | wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-24 18:39:36 +0000 |
commit | 91b056e10d2e3c6ba5f3c684273859512c2391d9 (patch) | |
tree | 9d1d69a26d6bd3797e24cf18d062166e9d18b139 /ext | |
parent | 646a31fb9adc3ca2d3a62db3ec511df22f5c7294 (diff) |
Backport #484 [ruby-core:18377]; Make OpenSSL::Config freeze correctly, preventing further config changes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@28002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/ossl_config.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index f1d6a98253..84e163ae3b 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -158,6 +158,14 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self) return self; } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + static VALUE ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) { @@ -167,6 +175,7 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) CONF *conf; CONF_VALUE *sv, *cv; + rb_ossl_config_modify_check(self); StringValue(section); StringValue(name); StringValue(value); @@ -247,6 +256,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash) { VALUE arg[2]; + rb_ossl_config_modify_check(self); arg[0] = self; arg[1] = section; rb_iterate(rb_each, hash, set_conf_section_i, (VALUE)arg); |