-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | marshal.c | 3 | ||||
-rw-r--r-- | test/ruby/test_marshal.rb | 18 | ||||
-rw-r--r-- | version.h | 6 |
4 files changed, 31 insertions, 4 deletions
@@ -1,3 +1,11 @@
+Wed Dec 19 21:12:49 2012 Shugo Maeda <shugo@ruby-lang.org>
+
+ * marshal.c (r_entry0): don't taint classes and modules because
+ Marshal.load just returns the dumped classes and modules.
+ [Bug #7325] [ruby-core:49198]
+
+ * test/ruby/test_marshal.rb: related test.
+
 Tue Dec 11 19:19:33 2012 Luis Lavena <luislavena@gmail.com>
 * win32/file.c (replace_to_long_name): correct logic around wildcard
@@ -1214,7 +1214,8 @@ r_entry0(VALUE v, st_index_t num, struct load_arg *arg)
 else {
 st_insert(arg->data, num, (st_data_t)v);
 }
- if (arg->infection) {
+ if (arg->infection &&
+ TYPE(v) != T_CLASS && TYPE(v) != T_MODULE) {
 FL_SET(v, arg->infection);
 if ((VALUE)real_obj != Qundef)
 FL_SET((VALUE)real_obj, arg->infection);
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index 7ec6959a6e..0f3f794572 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -483,4 +483,22 @@ class TestMarshal < Test::Unit::TestCase
 assert_equal(Rational(1, 2), Marshal.load("\x04\bU:\rRational[\ai\x06i\a"))
 assert_raise(ArgumentError){Marshal.load("\x04\bU:\rRational[\bi\x00i\x00i\x00")}
 end
+
+ class TestClass
+ end
+
+ module TestModule
+ end
+
+ def test_marshal_load_should_not_taint_classes
+ bug7325 = '[ruby-core:49198]'
+ for c in [TestClass, TestModule]
+ assert(!c.tainted?)
+ assert(!c.untrusted?)
+ c2 = Marshal.load(Marshal.dump(c).taint.untrust)
+ assert_same(c, c2)
+ assert(!c.tainted?, bug7325)
+ assert(!c.untrusted?, bug7325)
+ end
+ end
 end
@@ -1,10 +1,10 @@
 #define RUBY_VERSION "1.9.3"
-#define RUBY_PATCHLEVEL 341
+#define RUBY_PATCHLEVEL 342
-#define RUBY_RELEASE_DATE "2012-12-13"
+#define RUBY_RELEASE_DATE "2012-12-19"
 #define RUBY_RELEASE_YEAR 2012
 #define RUBY_RELEASE_MONTH 12
-#define RUBY_RELEASE_DAY 13
+#define RUBY_RELEASE_DAY 19
 #include "ruby/version.h" |
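Review bot: The new guard in r_entry0 tests only the type of `v`, so whenever `v` passes it the inner `FL_SET((VALUE)real_obj, arg->infection)` still flags `real_obj` regardless of its type. If a compat-loaded value can ever resolve to a class or module (not visible in this hunk), that process-wide object would still pick up taint from the input, so it is worth confirming or guarding `real_obj` the same way. The reason for the exclusion is only in the ChangeLog; a comment on the condition would keep it next to the code, for example `/* classes and modules are existing shared objects returned by reference; never mark them from the input's taint */`. r_entry0 starts and ends outside the hunk.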
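Review bot: test_marshal_load_should_not_taint_classes checks only that classes and modules stay clean, so a guard that accidentally skipped tainting for every loaded object would still pass it. Unless that is already covered elsewhere in the file (not visible here), add the positive case next to it, e.g. `assert(Marshal.load(Marshal.dump("x").taint).tainted?, bug7325)`. The test also loads the class only as the top-level value; a case such as `Marshal.load(Marshal.dump([c]).taint)` would show that a class nested in a container stays untainted while the container itself is tainted. As a style point, `for c in [TestClass, TestModule]` reads more idiomatically as `[TestClass, TestModule].each do |c|`.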