summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authorsuke <suke@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-08-25 11:18:17 +0000
committersuke <suke@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-08-25 11:18:17 +0000
commit108c4e4495385ccb5cab87dd723f27ef0ab52049 (patch)
treed03e75050026f00dd623376f99e77b7d8f2b010d /ext
parent682f3a788102113fdb1927e2b42ef7932106acb2 (diff)
* ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a
security error with the tainted string object. * ext/win32ole/win32ole_event.c(ev_advise): ditto. * test/win32ole/test_win32ole.rb(test_s_new_exc_svr_tainted, test_s_new_exc_host_tainted): ditto. * test/win32ole/test_win32ole_event.rb(test_s_new_exc_tainted): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r--ext/win32ole/win32ole.c18
-rw-r--r--ext/win32ole/win32ole_event.c5
2 files changed, 11 insertions, 12 deletions
diff --git a/ext/win32ole/win32ole.c b/ext/win32ole/win32ole.c
index fa8607b82ce..5b08d8e9900 100644
--- a/ext/win32ole/win32ole.c
+++ b/ext/win32ole/win32ole.c
@@ -26,7 +26,7 @@
const IID IID_IMultiLanguage2 = {0xDCCFC164, 0x2B38, 0x11d2, {0xB7, 0xEC, 0x00, 0xC0, 0x4F, 0x8F, 0x5D, 0x9A}};
#endif
-#define WIN32OLE_VERSION "1.7.7"
+#define WIN32OLE_VERSION "1.7.8"
typedef HRESULT (STDAPICALLTYPE FNCOCREATEINSTANCEEX)
(REFCLSID, IUnknown*, DWORD, COSERVERINFO*, DWORD, MULTI_QI*);
@@ -1907,10 +1907,10 @@ fole_s_connect(int argc, VALUE *argv, VALUE self)
ole_initialize();
rb_scan_args(argc, argv, "1*", &svr_name, &others);
- SafeStringValue(svr_name);
+ StringValue(svr_name);
if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
- rb_raise(rb_eSecurityError, "Insecure Object Connection - %s",
- StringValuePtr(svr_name));
+ rb_raise(rb_eSecurityError, "insecure connection - `%s'",
+ StringValuePtr(svr_name));
}
/* get CLSID from OLE server name */
@@ -2390,16 +2390,16 @@ fole_initialize(int argc, VALUE *argv, VALUE self)
rb_call_super(0, 0);
rb_scan_args(argc, argv, "11*", &svr_name, &host, &others);
- SafeStringValue(svr_name);
+ StringValue(svr_name);
if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
- rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
+ rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
StringValuePtr(svr_name));
}
if (!NIL_P(host)) {
- SafeStringValue(host);
+ StringValue(host);
if (rb_safe_level() > 0 && OBJ_TAINTED(host)) {
- rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
- StringValuePtr(svr_name));
+ rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
+ StringValuePtr(host));
}
return ole_create_dcom(self, svr_name, host, others);
}
diff --git a/ext/win32ole/win32ole_event.c b/ext/win32ole/win32ole_event.c
index 77b362691fc..00aabd20b82 100644
--- a/ext/win32ole/win32ole_event.c
+++ b/ext/win32ole/win32ole_event.c
@@ -897,12 +897,11 @@ ev_advise(int argc, VALUE *argv, VALUE self)
}
if(!RB_TYPE_P(itf, T_NIL)) {
+ pitf = StringValuePtr(itf);
if (rb_safe_level() > 0 && OBJ_TAINTED(itf)) {
- rb_raise(rb_eSecurityError, "Insecure Event Creation - %s",
+ rb_raise(rb_eSecurityError, "insecure event creation - `%s'",
StringValuePtr(itf));
}
- SafeStringValue(itf);
- pitf = StringValuePtr(itf);
hr = find_iid(ole, pitf, &iid, &pTypeInfo);
}
else {