-rw-r--r--ChangeLog12
-rw-r--r--ext/dl/cfunc.c1
-rw-r--r--ext/dl/cptr.c20
-rw-r--r--ext/dl/dl.c5
4 files changed, 30 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index a4e7d2eb47f..2d95c509b68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Mon Aug 11 20:27:12 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * ext/dl/cfunc.c (rb_dlcfunc_call): add taint check.
+
+ * ext/dl/dl.c (rb_dl_malloc): add rb_secure(2).
+
+ * ext/dl/dl.c (rb_dl_realloc): ditto.
+
+ * ext/dl/dl.c (rb_dl_free): ditto.
+
+ * ext/dl/dl.c (rb_dl_ptr2value): ditto.
+
Mon Aug 11 20:11:21 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* gc.c (getrusage_time): works only if RUSAGE_SELF is defined right
diff --git a/ext/dl/cfunc.c b/ext/dl/cfunc.c
index 22e8600002d..724c290f2f1 100644
--- a/ext/dl/cfunc.c
+++ b/ext/dl/cfunc.c
@@ -260,6 +260,7 @@ rb_dlcfunc_call(VALUE self, VALUE ary)
if( i >= DLSTACK_SIZE ){
rb_raise(rb_eDLError, "too many arguments (stack overflow)");
}
+ rb_check_safe_obj(RARRAY_PTR(ary)[i]);
stack[i] = NUM2LONG(RARRAY_PTR(ary)[i]);
}
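Review bot: The added `rb_check_safe_obj(RARRAY_PTR(ary)[i]);` has no comment explaining why each argument is checked, and the loop alone does not show that the next line turns the value into a raw long placed on the native call stack. I would add `/* refuse tainted arguments when the safe level forbids them: the value is handed to the C function as a raw long */` above it. The check covers only the array elements. The body of rb_dlcfunc_call starts and ends outside this hunk, so it is worth confirming whether `ary` itself and the function pointer being called are checked elsewhere.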
diff --git a/ext/dl/cptr.c b/ext/dl/cptr.c
index aeb1852b48c..b5f1e239e43 100644
--- a/ext/dl/cptr.c
+++ b/ext/dl/cptr.c
@@ -416,29 +416,33 @@ rb_dlptr_size(int argc, VALUE argv[], VALUE self)
VALUE
rb_dlptr_s_to_ptr(VALUE self, VALUE val)
{
- if( rb_obj_is_kind_of(val, rb_cIO) == Qtrue ){
+ VALUE ptr;
+
+ if (rb_obj_is_kind_of(val, rb_cIO) == Qtrue){
rb_io_t *fptr;
FILE *fp;
GetOpenFile(val, fptr);
fp = rb_io_stdio_file(fptr);
- return rb_dlptr_new(fp, 0, NULL);
+ ptr = rb_dlptr_new(fp, 0, NULL);
}
- else if( rb_obj_is_kind_of(val, rb_cString) == Qtrue ){
+ else if (rb_obj_is_kind_of(val, rb_cString) == Qtrue){
char *ptr = StringValuePtr(val);
- return rb_dlptr_new(ptr, RSTRING_LEN(val), NULL);
+ ptr = rb_dlptr_new(ptr, RSTRING_LEN(val), NULL);
}
- else if( rb_respond_to(val, id_to_ptr) ){
+ else if (rb_respond_to(val, id_to_ptr)){
VALUE vptr = rb_funcall(val, id_to_ptr, 0);
- if( rb_obj_is_kind_of(vptr, rb_cDLCPtr) ){
- return vptr;
+ if (rb_obj_is_kind_of(vptr, rb_cDLCPtr)){
+ ptr = vptr;
}
else{
rb_raise(rb_eDLError, "to_ptr should return a CPtr object");
}
}
else{
- return rb_dlptr_new(NUM2PTR(rb_Integer(val)), 0, NULL);
+ ptr = rb_dlptr_new(NUM2PTR(rb_Integer(val)), 0, NULL);
}
+ OBJ_INFECT(ptr, val);
+ return ptr;
}
void
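Review bot: In the String branch the new assignment `ptr = rb_dlptr_new(ptr, RSTRING_LEN(val), NULL);` writes to the inner `char *ptr` declared on the line above, which shadows the new outer `VALUE ptr`. The outer variable is therefore still uninitialized when `OBJ_INFECT(ptr, val);` and `return ptr;` run for a String argument, so the function marks and returns an indeterminate VALUE. Renaming the local removes the shadowing: `char *str = StringValuePtr(val);` followed by `ptr = rb_dlptr_new(str, RSTRING_LEN(val), NULL);`. Building with `-Wshadow` would report this kind of mistake.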
diff --git a/ext/dl/dl.c b/ext/dl/dl.c
index e4bd4d41e92..0427dfb3f3f 100644
--- a/ext/dl/dl.c
+++ b/ext/dl/dl.c
@@ -22,6 +22,7 @@ rb_dl_malloc(VALUE self, VALUE size)
{
void *ptr;
+ rb_secure(4);
ptr = (void*)ruby_xmalloc(NUM2INT(size));
return PTR2NUM(ptr);
}
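Review bot: The level in `rb_secure(4);` disagrees with the ChangeLog entry in this same commit, which records `rb_secure(2)` for rb_dl_malloc and "ditto" for rb_dl_realloc, rb_dl_free and rb_dl_ptr2value. The same literal 4 appears in those three later hunks. With 4 the call raises only at the highest safe level, so code at levels 2 and 3 can still allocate, free an arbitrary address, or cast an arbitrary integer to a VALUE. If the ChangeLog states the intent, each call should read `rb_secure(2);`. Otherwise the ChangeLog should be corrected so the record matches what is compiled.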
@@ -31,6 +32,7 @@ rb_dl_realloc(VALUE self, VALUE addr, VALUE size)
{
void *ptr = NUM2PTR(addr);
+ rb_secure(4);
ptr = (void*)ruby_xrealloc(ptr, NUM2INT(size));
return PTR2NUM(ptr);
}
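Review bot: `rb_secure(4);` runs after the initializer `void *ptr = NUM2PTR(addr);`, so the argument conversion happens before the safe-level check; rb_dl_free in the next hunk has the same order. Putting the check first stops restricted callers before any conversion code is reached: `void *ptr;`, then `rb_secure(4);`, then `ptr = NUM2PTR(addr);`. This is an ordering point only. NUM2PTR's definition is not on this page, so whether the conversion can call back into Ruby code is an assumption to confirm.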
@@ -39,6 +41,8 @@ VALUE
rb_dl_free(VALUE self, VALUE addr)
{
void *ptr = NUM2PTR(addr);
+
+ rb_secure(4);
ruby_xfree(ptr);
return Qnil;
}
@@ -46,6 +50,7 @@ rb_dl_free(VALUE self, VALUE addr)
VALUE
rb_dl_ptr2value(VALUE self, VALUE addr)
{
+ rb_secure(4);
return (VALUE)NUM2PTR(addr);
}