diff options
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | ext/dl/handle.c | 8 |
2 files changed, 13 insertions, 3 deletions
@@ -1,3 +1,11 @@ +Mon May 11 23:14:06 2009 Yuki Sonoda (Yugui) <yugui@yugui.jp> + + * ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen + with a tainted name of library. + Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>. + + * ext/dl/dl.c (rb_dlhandle_sym): ditto + Mon May 11 22:33:46 2009 Yuki Sonoda (Yugui) <yugui@yugui.jp> * ext/dl/lib/dl/func.rb (DL::Function#call): prevents diff --git a/ext/dl/handle.c b/ext/dl/handle.c index ee3c644985..d72f725fbb 100644 --- a/ext/dl/handle.c +++ b/ext/dl/handle.c @@ -5,6 +5,8 @@ #include <ruby.h> #include "dl.h" +#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v)) + VALUE rb_cDLHandle; void @@ -56,11 +58,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self) cflag = RTLD_LAZY | RTLD_GLOBAL; break; case 1: - clib = NIL_P(lib) ? NULL : StringValuePtr(lib); + clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib); cflag = RTLD_LAZY | RTLD_GLOBAL; break; case 2: - clib = NIL_P(lib) ? NULL : StringValuePtr(lib); + clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib); cflag = NUM2INT(flag); break; default: @@ -140,7 +142,7 @@ rb_dlhandle_sym(VALUE self, VALUE sym) rb_secure(2); - name = StringValuePtr(sym); + name = SafeStringValuePtr(sym); Data_Get_Struct(self, struct dl_handle, dlhandle); if( ! dlhandle->open ){ |