diff options
author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-06-03 15:36:38 +0900 |
---|---|---|
committer | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-06-16 22:23:46 +0900 |
commit | 2b17d2f2970d382ac61d15d66f46d1c56f8f2598 (patch) | |
tree | 43fc591805949fac352a1f1d83b47c90c74fa133 /lib/net/protocol.rb | |
parent | f4640f64a4d242e7ce56b248de41b3021dcdf77d (diff) |
[ruby/net-protocol] Get rid of `__send__`
Mitigate the security risk:
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
https://github.com/ruby/net-protocol/commit/a9970437e8
Diffstat (limited to 'lib/net/protocol.rb')
-rw-r--r-- | lib/net/protocol.rb | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/lib/net/protocol.rb b/lib/net/protocol.rb index edf2ed5a00..0afac2a02a 100644 --- a/lib/net/protocol.rb +++ b/lib/net/protocol.rb @@ -383,7 +383,7 @@ module Net # :nodoc: len = writing { using_each_crlf_line { begin - block.call(WriteAdapter.new(self, :write_message_0)) + block.call(WriteAdapter.new(self.method(:write_message_0))) rescue LocalJumpError # allow `break' from writer block end @@ -447,17 +447,16 @@ module Net # :nodoc: # The writer adapter class # class WriteAdapter - def initialize(socket, method) - @socket = socket - @method_id = method + def initialize(writer) + @writer = writer end def inspect - "#<#{self.class} socket=#{@socket.inspect}>" + "#<#{self.class} writer=#{@writer.inspect}>" end def write(str) - @socket.__send__(@method_id, str) + @writer.call(str) end alias print write |