diff options
-rw-r--r-- | ChangeLog | 14 | ||||
-rw-r--r-- | encoding.c | 3 | ||||
-rw-r--r-- | test/ruby/test_encoding.rb | 14 | ||||
-rw-r--r-- | transcode.c | 3 | ||||
-rw-r--r-- | version.h | 6 |
5 files changed, 24 insertions, 16 deletions
@@ -1,3 +1,17 @@ +Wed Feb 8 09:36:42 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * encoding.c (require_enc): reject only loading from untrusted + load paths. [ruby-dev:44541] [Bug #5279] + + * transcode.c (load_transcoder_entry): ditto. + +Wed Feb 8 09:36:42 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * encoding.c (load_encoding): predefined encoding names are safe. + [ruby-dev:44469] [Bug #5279] + + * transcode.c (load_transcoder_entry): ditto. + Tue Feb 7 14:29:16 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> * st.c (st_foreach): should not yield same pair when checking diff --git a/encoding.c b/encoding.c index 744be89223..18f54e684c 100644 --- a/encoding.c +++ b/encoding.c @@ -536,7 +536,8 @@ rb_enc_registered(const char *name) static VALUE require_enc(VALUE enclib) { - return rb_require_safe(enclib, rb_safe_level()); + int safe = rb_safe_level(); + return rb_require_safe(enclib, safe > 3 ? 3 : safe); } static int diff --git a/test/ruby/test_encoding.rb b/test/ruby/test_encoding.rb index e0a27ef6b6..6a406ae237 100644 --- a/test/ruby/test_encoding.rb +++ b/test/ruby/test_encoding.rb @@ -50,6 +50,9 @@ class TestEncoding < Test::Unit::TestCase exit Encoding.find("filesystem") == Encoding::EUC_JP EOS end + + bug5150 = '[ruby-dev:44327]' + assert_raise(TypeError, bug5150) {Encoding.find(1)} end def test_replicate @@ -96,15 +99,4 @@ class TestEncoding < Test::Unit::TestCase str2 = Marshal.load(Marshal.dump(str2)) assert_equal(str, str2, '[ruby-dev:38596]') end - - def test_unsafe - bug5279 = '[ruby-dev:44469]' - assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279) - end - - def test_compatible_p - ua = "abc".force_encoding(Encoding::UTF_8) - assert_equal(Encoding::UTF_8, Encoding.compatible?(ua, :abc)) - assert_equal(nil, Encoding.compatible?(ua, 1)) - end end diff --git a/transcode.c b/transcode.c index 4d9462fca6..64d093dbec 100644 --- a/transcode.c +++ b/transcode.c @@ -369,6 +369,7 @@ load_transcoder_entry(transcoder_entry_t *entry) size_t len = strlen(lib); char path[sizeof(transcoder_lib_prefix) + MAX_TRANSCODER_LIBNAME_LEN]; VALUE fn; + const int safe = rb_safe_level(); entry->lib = NULL; @@ -379,7 +380,7 @@ load_transcoder_entry(transcoder_entry_t *entry) fn = rb_str_new2(path); FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED); OBJ_FREEZE(fn); - if (!rb_require_safe(fn, rb_safe_level())) + if (!rb_require_safe(fn, safe > 3 ? 3 : safe)) return NULL; } @@ -1,10 +1,10 @@ #define RUBY_VERSION "1.9.3" -#define RUBY_PATCHLEVEL 50 +#define RUBY_PATCHLEVEL 51 -#define RUBY_RELEASE_DATE "2012-02-07" +#define RUBY_RELEASE_DATE "2012-02-08" #define RUBY_RELEASE_YEAR 2012 #define RUBY_RELEASE_MONTH 2 -#define RUBY_RELEASE_DAY 7 +#define RUBY_RELEASE_DAY 8 #include "ruby/version.h" |