diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | file.c | 1 | ||||
-rw-r--r-- | load.c | 6 | ||||
-rw-r--r-- | test/ruby/test_require.rb | 46 |
4 files changed, 62 insertions, 1 deletions
@@ -1,3 +1,13 @@ +Mon Feb 2 17:05:55 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * file.c (rb_find_file_ext): should not be infected from other + load paths. + +Sat Jan 31 19:09:30 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * load.c (rb_require_safe): raises when the path to be loaded is + tainted. [ruby-dev:37843] + Mon Feb 2 08:12:50 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * lib/xmlrpc/server.rb (Server#serve): gets rid of hardcoded @@ -4551,6 +4551,7 @@ rb_find_file_ext(VALUE *filep, const char *const *ext) *filep = tmp; return j+1; } + FL_UNSET(tmp, FL_TAINT | FL_UNTRUSTED); } rb_str_set_len(fname, fnlen); } @@ -554,13 +554,17 @@ rb_require_safe(VALUE fname, int safe) rb_set_safe_level_force(safe); FilePathValue(fname); RB_GC_GUARD(fname) = rb_str_new4(fname); + rb_set_safe_level_force(0); found = search_required(fname, &path); if (found) { if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) { result = Qfalse; } else { - rb_set_safe_level_force(0); + if (safe > 0 && OBJ_TAINTED(path)) { + rb_raise(rb_eSecurityError, "cannot load from insecure path - %s", + RSTRING_PTR(path)); + } switch (found) { case 'r': rb_load(path, 0); diff --git a/test/ruby/test_require.rb b/test/ruby/test_require.rb index 4048ba038d..4bc44eff04 100644 --- a/test/ruby/test_require.rb +++ b/test/ruby/test_require.rb @@ -195,4 +195,50 @@ class TestRequire < Test::Unit::TestCase assert_raise(ArgumentError) { at_exit } end + + def test_tainted_loadpath + t = Tempfile.new(["test_ruby_test_require", ".rb"]) + abs_dir, file = File.dirname(t.path), File.basename(t.path) + abs_dir = File.expand_path(abs_dir).untaint + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir + require "#{ file }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + require "#{ file }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + $SAFE = 1 + begin + require "#{ file }" + rescue SecurityError + p :ok + end + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + $SAFE = 1 + require "#{ t.path }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir << 'elsewhere'.taint + require "#{ file }" + p :ok + INPUT + end end |