-rw-r--r--ChangeLog9
-rw-r--r--ext/win32ole/win32ole.c18
-rw-r--r--ext/win32ole/win32ole_event.c5
-rw-r--r--test/win32ole/test_win32ole.rb40
-rw-r--r--test/win32ole/test_win32ole_event.rb13
5 files changed, 73 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 4ed5cbb89ab..bdf2165f9d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Mon Aug 25 20:15:50 2014 Masaki Suketa <masaki.suketa@nifty.ne.jp>
+
+ * ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a
+ security error with the tainted string object.
+ * ext/win32ole/win32ole_event.c(ev_advise): ditto.
+ * test/win32ole/test_win32ole.rb(test_s_new_exc_svr_tainted,
+ test_s_new_exc_host_tainted): ditto.
+ * test/win32ole/test_win32ole_event.rb(test_s_new_exc_tainted): ditto.
+
Mon Aug 25 12:56:54 2014 Ivan Korunkov <ivankorunkov@ya.ru>
* lib/logger.rb (format_datetime): use "%6N" to show microsecond.
diff --git a/ext/win32ole/win32ole.c b/ext/win32ole/win32ole.c
index fa8607b82ce..5b08d8e9900 100644
--- a/ext/win32ole/win32ole.c
+++ b/ext/win32ole/win32ole.c
@@ -26,7 +26,7 @@
const IID IID_IMultiLanguage2 = {0xDCCFC164, 0x2B38, 0x11d2, {0xB7, 0xEC, 0x00, 0xC0, 0x4F, 0x8F, 0x5D, 0x9A}};
#endif
-#define WIN32OLE_VERSION "1.7.7"
+#define WIN32OLE_VERSION "1.7.8"
typedef HRESULT (STDAPICALLTYPE FNCOCREATEINSTANCEEX)
(REFCLSID, IUnknown*, DWORD, COSERVERINFO*, DWORD, MULTI_QI*);
@@ -1907,10 +1907,10 @@ fole_s_connect(int argc, VALUE *argv, VALUE self)
ole_initialize();
rb_scan_args(argc, argv, "1*", &svr_name, &others);
- SafeStringValue(svr_name);
+ StringValue(svr_name);
if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
- rb_raise(rb_eSecurityError, "Insecure Object Connection - %s",
- StringValuePtr(svr_name));
+ rb_raise(rb_eSecurityError, "insecure connection - `%s'",
+ StringValuePtr(svr_name));
}
/* get CLSID from OLE server name */
@@ -2390,16 +2390,16 @@ fole_initialize(int argc, VALUE *argv, VALUE self)
rb_call_super(0, 0);
rb_scan_args(argc, argv, "11*", &svr_name, &host, &others);
- SafeStringValue(svr_name);
+ StringValue(svr_name);
if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
- rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
+ rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
StringValuePtr(svr_name));
}
if (!NIL_P(host)) {
- SafeStringValue(host);
+ StringValue(host);
if (rb_safe_level() > 0 && OBJ_TAINTED(host)) {
- rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
- StringValuePtr(svr_name));
+ rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
+ StringValuePtr(host));
}
return ole_create_dcom(self, svr_name, host, others);
}
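Review bot: The `rb_safe_level() > 0 && OBJ_TAINTED(...)` check plus a hand-written `rb_raise` is now repeated for `svr_name` and `host` here and once more in `fole_s_connect`, and the bug this commit fixes (the host branch printing `svr_name` instead of `host`) is exactly the copy-and-paste drift such repetition invites. A small static helper taking the value and the operation name would leave one place to get the message right and make the three messages agree by construction. The event-file check in `ev_advise` lives in `win32ole_event.c`, so sharing it there would need the helper exported through the extension's header rather than kept static; that is outside this hunk. `fole_initialize` starts before this hunk and continues past it.
```c
/* Shared taint check: at $SAFE > 0 a tainted string raises SecurityError,
 * with `what' naming the operation so the call sites cannot drift apart. */
static void
ole_check_tainted(VALUE str, const char *what)
{
    if (rb_safe_level() > 0 && OBJ_TAINTED(str)) {
        rb_raise(rb_eSecurityError, "insecure %s - `%s'",
                 what, StringValuePtr(str));
    }
}

/* … unchanged: fole_initialize up to and including rb_scan_args … */
    StringValue(svr_name);
    ole_check_tainted(svr_name, "object creation");
    if (!NIL_P(host)) {
        StringValue(host);
        ole_check_tainted(host, "object creation");
        return ole_create_dcom(self, svr_name, host, others);
    }
```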
diff --git a/ext/win32ole/win32ole_event.c b/ext/win32ole/win32ole_event.c
index 77b362691fc..00aabd20b82 100644
--- a/ext/win32ole/win32ole_event.c
+++ b/ext/win32ole/win32ole_event.c
@@ -897,12 +897,11 @@ ev_advise(int argc, VALUE *argv, VALUE self)
}
if(!RB_TYPE_P(itf, T_NIL)) {
+ pitf = StringValuePtr(itf);
if (rb_safe_level() > 0 && OBJ_TAINTED(itf)) {
- rb_raise(rb_eSecurityError, "Insecure Event Creation - %s",
+ rb_raise(rb_eSecurityError, "insecure event creation - `%s'",
StringValuePtr(itf));
}
- SafeStringValue(itf);
- pitf = StringValuePtr(itf);
hr = find_iid(ole, pitf, &iid, &pTypeInfo);
}
else {
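Review bot: `pitf` already holds the C pointer obtained on the line above, so calling `StringValuePtr(itf)` again inside the `rb_raise` is a redundant second conversion of the same object; the raise can simply use `pitf`. Separately, `pitf` is handed to `find_iid` as a `char *`, and `StringValuePtr` guarantees neither a NUL terminator nor the absence of embedded NULs, so an interface name containing `\0` would be silently truncated at the point where it is matched against type-library interface names; `StringValueCStr` rejects embedded NULs with an ArgumentError and guarantees termination, which seems the safer conversion for a value that is treated as a C string. Concretely: `pitf = StringValueCStr(itf);` and `rb_raise(rb_eSecurityError, "insecure event creation - `%s'", pitf);`. `ev_advise` starts before this hunk and continues past it, so whether `find_iid` copies or only compares the string is not visible here.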
diff --git a/test/win32ole/test_win32ole.rb b/test/win32ole/test_win32ole.rb
index 71026d48c61..b41fd591fef 100644
--- a/test/win32ole/test_win32ole.rb
+++ b/test/win32ole/test_win32ole.rb
@@ -169,6 +169,33 @@ if defined?(WIN32OLE)
}
end
+ def test_s_new_exc_svr_tainted
+ th = Thread.start {
+ $SAFE = 1
+ svr = "Scripting.Dictionary"
+ svr.taint
+ WIN32OLE.new(svr)
+ }
+ exc = assert_raise(SecurityError) {
+ th.join
+ }
+ assert_match(/insecure object creation - `Scripting.Dictionary'/, exc.message)
+ end
+
+ def test_s_new_exc_host_tainted
+ th = Thread.start {
+ $SAFE = 1
+ svr = "Scripting.Dictionary"
+ host = "localhost"
+ host.taint
+ WIN32OLE.new(svr, host)
+ }
+ exc = assert_raise(SecurityError) {
+ th.join
+ }
+ assert_match(/insecure object creation - `localhost'/, exc.message)
+ end
+
def test_s_new_DCOM
rshell = WIN32OLE.new("Shell.Application")
assert_instance_of(WIN32OLE, rshell)
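Review bot: Both new tests exercise only the error path; nothing checks that an untainted name still works at `$SAFE = 1` now that the blanket `SafeStringValue` has been replaced by `StringValue` plus the explicit taint check, which is the regression most likely to be introduced by that swap. A companion test that starts a thread with `$SAFE = 1`, calls `WIN32OLE.new("Scripting.Dictionary")` with the plain (untainted) literal and asserts `assert_instance_of(WIN32OLE, th.value)` would pin the positive case. Also, `assert_raise(SecurityError) { th.join }` depends on the exception propagating out of `join`; it does, but the intent would be clearer with a one-line comment such as `# the SecurityError raised in the thread is re-raised by join`.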
@@ -194,6 +221,19 @@ if defined?(WIN32OLE)
}
end
+ def test_s_coonect_exc_tainted
+ th = Thread.start {
+ $SAFE = 1
+ svr = "winmgmts:"
+ svr.taint
+ WIN32OLE.connect(svr)
+ }
+ exc = assert_raise(SecurityError) {
+ th.join
+ }
+ assert_match(/insecure connection - `winmgmts:'/, exc.message)
+ end
+
def test_invoke_accept_symbol_hash_key
fso = WIN32OLE.new('Scripting.FileSystemObject')
afolder = fso.getFolder(".")
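Review bot: The new test is named `test_s_coonect_exc_tainted`, a typo for `connect`; it should be `def test_s_connect_exc_tainted` so it sorts next to the other `connect` tests and is found by name. The ChangeLog entry in this commit lists `test_s_new_exc_svr_tainted` and `test_s_new_exc_host_tainted` but not this test, so the rename is a good moment to add it there as well. The `winmgmts:` moniker is a real WMI connection target, but the taint check fires before any lookup, so the test does not depend on WMI being available, which is worth a short comment: `# raised before the moniker is resolved, so WMI need not be reachable`.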
diff --git a/test/win32ole/test_win32ole_event.rb b/test/win32ole/test_win32ole_event.rb
index 8e3915ec17e..f486749113b 100644
--- a/test/win32ole/test_win32ole_event.rb
+++ b/test/win32ole/test_win32ole_event.rb
@@ -329,6 +329,19 @@ if defined?(WIN32OLE_EVENT)
message_loop
assert(h2.ev != "")
end
+
+ def test_s_new_exc_tainted
+ th = Thread.new {
+ $SAFE=1
+ str = 'ConnectionEvents'
+ str.taint
+ ev = WIN32OLE_EVENT.new(@db, str)
+ }
+ exc = assert_raise(SecurityError) {
+ th.join
+ }
+ assert_match(/insecure event creation - `ConnectionEvents'/, exc.message)
+ end
end
end
end
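Review bot: `ev` on the `WIN32OLE_EVENT.new(@db, str)` line is assigned but never read, so the assignment should be dropped and the call made bare. Style-wise this test also drifts from the two sibling tests added in `test_win32ole.rb` in the same commit: `Thread.new` versus `Thread.start`, and `$SAFE=1` versus `$SAFE = 1`; writing it as `$SAFE = 1` and `WIN32OLE_EVENT.new(@db, str)` with the same spacing keeps the four tests uniform. The test relies on `@db` being set up outside this hunk, presumably by the fixture's `setup`; that is not visible here.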