summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--eval.c22
-rw-r--r--sprintf.c9
3 files changed, 27 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index 0b912b6350..d028e3a96d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Fri Sep 9 22:13:19 2005 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * eval.c (rb_call0): prohibit calling tainted method (>2) when
+ $SAFE == 0.
+
Fri Sep 9 16:45:25 2005 Nobuyoshi Nakada <nobu@ruby-lang.org>
* string.c (rb_str_times): make empty strings to keep taintness,
diff --git a/eval.c b/eval.c
index e305a3b821..ebb91e5cba 100644
--- a/eval.c
+++ b/eval.c
@@ -363,8 +363,10 @@ static ID init, eqq, each, aref, aset, match, missing;
static ID added, singleton_added;
static ID __id__, __send__, respond_to;
-#define NOEX_WITH_SAFE(n) ((n) | ruby_safe_level << 4)
+#define NOEX_TAINTED 8
#define NOEX_SAFE(n) ((n) >> 4)
+#define NOEX_WITH(n, v) ((n) | (v) << 4)
+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
void
rb_add_method(klass, mid, node, noex)
@@ -5717,12 +5719,16 @@ rb_call0(klass, recv, id, oid, argc, argv, body, flags)
}
b2 = body = body->nd_next;
- PUSH_VARS();
- PUSH_TAG(PROT_FUNC);
if (NOEX_SAFE(flags) > ruby_safe_level) {
+ if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
+ rb_id2name(id));
+ }
safe = ruby_safe_level;
ruby_safe_level = NOEX_SAFE(flags);
}
+ PUSH_VARS();
+ PUSH_TAG(PROT_FUNC);
if ((state = EXEC_TAG()) == 0) {
NODE *node = 0;
int i;
@@ -8948,14 +8954,20 @@ method_call(argc, argv, method)
{
VALUE result = Qnil; /* OK */
struct METHOD *data;
+ int safe;
Data_Get_Struct(method, struct METHOD, data);
if (data->recv == Qundef) {
rb_raise(rb_eTypeError, "can't call unbound method; bind first");
}
+ if (OBJ_TAINTED(method)) {
+ safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
+ }
+ else {
+ safe = data->safe_level;
+ }
PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
- result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,
- data->safe_level);
+ result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,safe);
POP_ITER();
return result;
}
diff --git a/sprintf.c b/sprintf.c
index acfbf64d54..9f4d8e404c 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -771,11 +771,12 @@ rb_f_sprintf(argc, argv)
}
sprint_exit:
- /* XXX - We cannot validiate the number of arguments because
- * the format string may contain `n$'-style argument selector.
+ /* XXX - We cannot validiate the number of arguments if (digit)$ style used.
*/
- if (RTEST(ruby_debug) && posarg >= 0 && nextarg < argc) {
- rb_raise(rb_eArgError, "too many arguments for format string");
+ if (posarg >= 0 && nextarg < argc) {
+ const char *mesg = "too many arguments for format string";
+ if (RTEST(ruby_debug)) rb_raise(rb_eArgError, mesg);
+ if (RTEST(ruby_verbose)) rb_warn(mesg);
}
rb_str_resize(result, blen);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 21:04:08 +0000