merge revision(s): 53153 and 23405@ruby_1_9_1

* ext/fiddle/handle.c: check tainted string arguments. Patch provided by tenderlove and nobu. * test/fiddle/test_handle.rb (class TestHandle): add test for above. * ext/dl/handle.c (rb_dlhandle_initialize): prohibits DL::dlopen with a tainted name of library. Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>. * ext/dl/handle.c (rb_dlhandle_sym): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@53156 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-12-16 12:15:26 +0000
committer: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-12-16 12:15:26 +0000
commit: 339e11a7f178312d937b7c95dd3115ce7236597a (patch)
tree: 0645a603625a78ac09ee011c5b81fc5bbcb49248 /test
parent: 7abafeb92d9ec90f152be98e2cc89981c337d4da (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/test/fiddle/test_handle.rb b/test/fiddle/test_handle.rb
index 2007a191b6..8d7589e44c 100644
--- a/test/fiddle/test_handle.rb
+++ b/test/fiddle/test_handle.rb
@@ -10,6 +10,23 @@ module Fiddle
 
     include Test::Unit::Assertions
 
+    def test_safe_handle_open
+      t = Thread.new do
+        $SAFE = 1
+        Fiddle::Handle.new(LIBC_SO.taint)
+      end
+      assert_raise(SecurityError) { t.value }
+    end
+
+    def test_safe_function_lookup
+      t = Thread.new do
+        h = Fiddle::Handle.new(LIBC_SO)
+        $SAFE = 1
+        h["qsort".taint]
+      end
+      assert_raise(SecurityError) { t.value }
+    end
+
     def test_to_i
       handle = Fiddle::Handle.new(LIBC_SO)
       assert_kind_of Integer, handle.to_i
author	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-12-16 12:15:26 +0000
committer	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-12-16 12:15:26 +0000
commit	339e11a7f178312d937b7c95dd3115ce7236597a (patch)
tree	0645a603625a78ac09ee011c5b81fc5bbcb49248 /test
parent	7abafeb92d9ec90f152be98e2cc89981c337d4da (diff)