diff options
-rw-r--r-- | pack.c | 7 | ||||
-rw-r--r-- | test/ruby/test_pack.rb | 16 |
2 files changed, 23 insertions, 0 deletions
@@ -751,6 +751,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary) StringValue(from); ptr = RSTRING_PTR(from); plen = RSTRING_LEN(from); + OBJ_INFECT(res, from); if (len == 0 && type == 'm') { encodes(res, ptr, plen, type, 0); @@ -778,6 +779,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary) case 'M': /* quoted-printable encoded string */ from = rb_obj_as_string(NEXTFROM); + OBJ_INFECT(res, from); if (len <= 1) len = 72; qpencode(res, from, len); @@ -803,6 +805,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary) } else { t = StringValuePtr(from); + OBJ_INFECT(res, from); rb_obj_taint(from); } if (!associates) { @@ -1186,6 +1189,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 7) bits >>= 1; @@ -1207,6 +1211,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 7) bits <<= 1; @@ -1228,6 +1233,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) len = (send - s) * 2; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 1) @@ -1251,6 +1257,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) len = (send - s) * 2; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 1) diff --git a/test/ruby/test_pack.rb b/test/ruby/test_pack.rb index 9d24c1994d..95f8e35226 100644 --- a/test/ruby/test_pack.rb +++ b/test/ruby/test_pack.rb @@ -862,4 +862,20 @@ EXPECTED assert_equal "hogefuga", "aG9nZWZ1Z2E=".unpack1("m") assert_equal "01000001", "A".unpack1("B*") end + + def test_pack_infection + tainted_array_string = ["123456"] + tainted_array_string.first.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f| + assert_predicate(tainted_array_string.pack(f), :tainted?) + end + end + + def test_unpack_infection + tainted_string = "123456" + tainted_string.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f| + assert_predicate(tainted_string.unpack(f).first, :tainted?) + end + end end |