From 1b3beecb548cc2f28fdd4ecf92f3a976b84ad675 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 16 May 2006 00:25:18 +0000
Subject: * re.c (rb_reg_initialize): should not modify untainted objects in  
 safe levels higher than 3.

* re.c (rb_memcmp): type change from char* to const void*.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10156 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog |  7 +++++++
 intern.h  |  6 +++---
 re.c      | 15 +++++++++------
 string.c  |  6 +++---
 4 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 32aea3ad2f..3e1d4688ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue May 16 09:20:16 2006  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* re.c (rb_reg_initialize): should not modify untainted objects in
+	  safe levels higher than 3.
+
+	* re.c (rb_memcmp): type change from char* to const void*.
+
 Mon May 15 17:42:39 2006  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* lib/rdoc/parsers/parse_rb.rb (RDoc::RubyParser::parse_symbol_arg):
diff --git a/intern.h b/intern.h
index c38c00174a..cc39169073 100644
--- a/intern.h
+++ b/intern.h
@@ -353,9 +353,9 @@ VALUE rb_range_new _((VALUE, VALUE, int));
 VALUE rb_range_beg_len _((VALUE, long*, long*, long, int));
 VALUE rb_length_by_each _((VALUE));
 /* re.c */
-int rb_memcmp _((char*,char*,long));
-int rb_memcicmp _((char*,char*,long));
-long rb_memsearch _((char*,long,char*,long));
+int rb_memcmp _((const void*,const void*,long));
+int rb_memcicmp _((const void*,const void*,long));
+long rb_memsearch _((const void*,long,const void*,long));
 VALUE rb_reg_nth_defined _((int, VALUE));
 VALUE rb_reg_nth_match _((int, VALUE));
 VALUE rb_reg_last_match _((VALUE));
diff --git a/re.c b/re.c
index 66d9971854..f350bcbed1 100644
--- a/re.c
+++ b/re.c
@@ -70,10 +70,11 @@ static const char casetable[] = {
 #endif
 
 int
-rb_memcicmp(p1, p2, len)
-    char *p1, *p2;
+rb_memcicmp(x, y, len)
+    const void *x, *y;
     long len;
 {
+    const unsigned char *p1 = x, *p2 = y;
     int tmp;
 
     while (len--) {
@@ -85,7 +86,7 @@ rb_memcicmp(p1, p2, len)
 
 int
 rb_memcmp(p1, p2, len)
-    char *p1, *p2;
+    const void *p1, *p2;
     long len;
 {
     if (!ruby_ignorecase) {
@@ -96,11 +97,11 @@ rb_memcmp(p1, p2, len)
 
 long
 rb_memsearch(x0, m, y0, n)
-    char *x0, *y0;
+    const void *x0, *y0;
     long m, n;
 {
-    unsigned char *x = (unsigned char *)x0, *y = (unsigned char *)y0;
-    unsigned char *s, *e;
+    const unsigned char *x = (unsigned char *)x0, *y = (unsigned char *)y0;
+    const unsigned char *s, *e;
     long i;
     int d;
     unsigned long hx, hy;
@@ -1332,6 +1333,8 @@ rb_reg_initialize(obj, s, len, options)
 {
     struct RRegexp *re = RREGEXP(obj);
 
+    if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)
+	rb_raise(rb_eSecurityError, "Insecure: can't modify regexp");
     if (re->ptr) re_free_pattern(re->ptr);
     if (re->str) free(re->str);
     re->ptr = 0;
diff --git a/string.c b/string.c
index c428ea7d76..5010274cdb 100644
--- a/string.c
+++ b/string.c
@@ -1130,7 +1130,7 @@ rb_str_index_m(argc, argv, str)
       {
 	  int c = FIX2INT(sub);
 	  long len = RSTRING(str)->len;
-	  unsigned char *p = RSTRING(str)->ptr;
+	  unsigned char *p = (unsigned char*)RSTRING(str)->ptr;
 
 	  for (;pos<len;pos++) {
 	      if (p[pos] == c) return LONG2NUM(pos);
@@ -1252,8 +1252,8 @@ rb_str_rindex_m(argc, argv, str)
       case T_FIXNUM:
       {
 	  int c = FIX2INT(sub);
-	  unsigned char *p = RSTRING(str)->ptr + pos;
-	  unsigned char *pbeg = RSTRING(str)->ptr;
+	  unsigned char *p = (unsigned char*)RSTRING(str)->ptr + pos;
+	  unsigned char *pbeg = (unsigned char*)RSTRING(str)->ptr;
 
 	  if (pos == RSTRING(str)->len) {
 	      if (pos == 0) return Qnil;
-- 
cgit v1.2.3