-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | encoding.c | 3 | ||||
-rw-r--r-- | test/ruby/test_encoding.rb | 2 | ||||
-rw-r--r-- | transcode.c | 3 |
4 files changed, 12 insertions, 3 deletions
@@ -1,3 +1,10 @@
+Sun Sep 25 16:54:33 2011 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * encoding.c (require_enc): reject only loading from untrusted
+ load paths. [ruby-dev:44541] [Bug #5279]
+
+ * transcode.c (load_transcoder_entry): ditto.
+
 Sun Sep 25 16:45:05 2011 Nobuyoshi Nakada <nobu@ruby-lang.org>
 * configure.in: ignore all warnings from an arbitrary
diff --git a/encoding.c b/encoding.c
index 57af9762e9..3e4892b2e2 100644
--- a/encoding.c
+++ b/encoding.c
@@ -543,7 +543,8 @@ rb_enc_registered(const char *name)
 static VALUE
 require_enc(VALUE enclib)
 {
- return rb_require_safe(enclib, rb_safe_level());
+ int safe = rb_safe_level();
+ return rb_require_safe(enclib, safe > 3 ? 3 : safe);
 }
 static int
diff --git a/test/ruby/test_encoding.rb b/test/ruby/test_encoding.rb
index 3e2ad5d0d2..6cb13fda9c 100644
--- a/test/ruby/test_encoding.rb
+++ b/test/ruby/test_encoding.rb
@@ -102,6 +102,6 @@ class TestEncoding < Test::Unit::TestCase
 def test_unsafe
 bug5279 = '[ruby-dev:44469]'
- assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)
+ assert_ruby_status([], '$SAFE=4; "a".encode("utf-16be")', bug5279)
 end
 end
diff --git a/transcode.c b/transcode.c
index 7caad0f87c..e813516563 100644
--- a/transcode.c
+++ b/transcode.c
@@ -370,6 +370,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
 const size_t total_len = sizeof(transcoder_lib_prefix) - 1 + len;
 const VALUE fn = rb_str_new(0, total_len);
 char *const path = RSTRING_PTR(fn);
+ const int safe = rb_safe_level();
 entry->lib = NULL;
@@ -378,7 +379,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
 rb_str_set_len(fn, total_len);
 FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
 OBJ_FREEZE(fn);
- if (!rb_require_safe(fn, rb_safe_level()))
+ if (!rb_require_safe(fn, safe > 3 ? 3 : safe))
 return NULL;
 }
|
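Review bot: The cap in `rb_require_safe(enclib, safe > 3 ? 3 : safe)` in require_enc is a bare literal with no comment, and the same expression is repeated in load_transcoder_entry in transcode.c. Because it lowers the level at which a library is loaded on behalf of code running at $SAFE 4, the reason this is acceptable should sit next to it, for example `/* cap at 3 so that only loading from untrusted load paths is rejected [Bug #5279] */`. The hunk does not show how `enclib` is built, so it is worth confirming that a level-4 caller cannot steer that name to an arbitrary file. A small shared helper or macro for the capped level would keep the two call sites from drifting apart.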
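Review bot: Replacing `$SAFE=3` with `$SAFE=4` in test_unsafe drops coverage of the level-3 case, and neither level checks what the ChangeLog promises to keep, namely that loading from an untrusted load path is still rejected. Keeping the old assertion, `assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)`, beside the new one would guard both levels. A negative test for the rejection path would be worth adding as well. The `bug5279` label still cites [ruby-dev:44469] while the ChangeLog entry cites [ruby-dev:44541]; confirm which reference is intended.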
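Review bot: In the second transcode.c hunk, `fn` has its flags cleared with `FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED)` and is now also required at a level capped at 3, so this call site appears to rely entirely on the library name being trustworthy. That holds only if `entry->lib` always comes from the registered transcoder table, which the visible lines do not establish; the start of load_transcoder_entry and the lines between the two hunks are outside the diff. A comment stating the invariant, such as `/* entry->lib is a registered transcoder library name, never caller-supplied data */`, would make the assumption reviewable, provided it is verified against the registration code first.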