diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | intern.h | 6 | ||||
| -rw-r--r-- | re.c | 15 | ||||
| -rw-r--r-- | string.c | 6 |
4 files changed, 22 insertions, 12 deletions
@@ -1,3 +1,10 @@ +Tue May 16 09:20:16 2006 Yukihiro Matsumoto <matz@ruby-lang.org> + + * re.c (rb_reg_initialize): should not modify untainted objects in + safe levels higher than 3. + + * re.c (rb_memcmp): type change from char* to const void*. + Mon May 15 17:42:39 2006 Yukihiro Matsumoto <matz@ruby-lang.org> * lib/rdoc/parsers/parse_rb.rb (RDoc::RubyParser::parse_symbol_arg): @@ -353,9 +353,9 @@ VALUE rb_range_new _((VALUE, VALUE, int)); VALUE rb_range_beg_len _((VALUE, long*, long*, long, int)); VALUE rb_length_by_each _((VALUE)); /* re.c */ -int rb_memcmp _((char*,char*,long)); -int rb_memcicmp _((char*,char*,long)); -long rb_memsearch _((char*,long,char*,long)); +int rb_memcmp _((const void*,const void*,long)); +int rb_memcicmp _((const void*,const void*,long)); +long rb_memsearch _((const void*,long,const void*,long)); VALUE rb_reg_nth_defined _((int, VALUE)); VALUE rb_reg_nth_match _((int, VALUE)); VALUE rb_reg_last_match _((VALUE)); @@ -70,10 +70,11 @@ static const char casetable[] = { #endif int -rb_memcicmp(p1, p2, len) - char *p1, *p2; +rb_memcicmp(x, y, len) + const void *x, *y; long len; { + const unsigned char *p1 = x, *p2 = y; int tmp; while (len--) { @@ -85,7 +86,7 @@ rb_memcicmp(p1, p2, len) int rb_memcmp(p1, p2, len) - char *p1, *p2; + const void *p1, *p2; long len; { if (!ruby_ignorecase) { @@ -96,11 +97,11 @@ rb_memcmp(p1, p2, len) long rb_memsearch(x0, m, y0, n) - char *x0, *y0; + const void *x0, *y0; long m, n; { - unsigned char *x = (unsigned char *)x0, *y = (unsigned char *)y0; - unsigned char *s, *e; + const unsigned char *x = (unsigned char *)x0, *y = (unsigned char *)y0; + const unsigned char *s, *e; long i; int d; unsigned long hx, hy; @@ -1332,6 +1333,8 @@ rb_reg_initialize(obj, s, len, options) { struct RRegexp *re = RREGEXP(obj); + if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify regexp"); if (re->ptr) re_free_pattern(re->ptr); if (re->str) free(re->str); re->ptr = 0; @@ -1130,7 +1130,7 @@ rb_str_index_m(argc, argv, str) { int c = FIX2INT(sub); long len = RSTRING(str)->len; - unsigned char *p = RSTRING(str)->ptr; + unsigned char *p = (unsigned char*)RSTRING(str)->ptr; for (;pos<len;pos++) { if (p[pos] == c) return LONG2NUM(pos); @@ -1252,8 +1252,8 @@ rb_str_rindex_m(argc, argv, str) case T_FIXNUM: { int c = FIX2INT(sub); - unsigned char *p = RSTRING(str)->ptr + pos; - unsigned char *pbeg = RSTRING(str)->ptr; + unsigned char *p = (unsigned char*)RSTRING(str)->ptr + pos; + unsigned char *pbeg = (unsigned char*)RSTRING(str)->ptr; if (pos == RSTRING(str)->len) { if (pos == 0) return Qnil; |