From 5b3f05ab6a7b779c62eb6238ed076094c93c4092 Mon Sep 17 00:00:00 2001
From: shyouhei
Date: Wed, 18 Nov 2009 05:20:22 +0000
Subject: merge revision(s) 25069: * ext/openssl/ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untainted for $SECURE >= 4) [ruby-core:18377]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@25839 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 6 ++++++
 ext/openssl/ossl_config.c | 10 ++++++++++
 version.h | 2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 78822c9bec..2306f4290b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Wed Nov 18 14:14:38 2009 Marc-Andre Lafortune
+
+ * ext/openssl/ossl_config.c (ossl_config_add_value_m,
+ ossl_config_set_section): Check if frozen (or untainted for $SECURE >=
+ 4) [ruby-core:18377]
+
 Wed Nov 18 14:13:14 2009 NAKAMURA Usaku
 
 * instruby.rb: win32/win32.h exists in srcdir.
diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c
index cc8e324029..10c865e9bb 100644
--- a/ext/openssl/ossl_config.c
+++ b/ext/openssl/ossl_config.c
@@ -158,6 +158,14 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self)
 return self;
 }
 
+static void
+rb_ossl_config_modify_check(VALUE config)
+{
+ if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config");
+ if (!OBJ_TAINTED(config) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config");
+}
+
 static VALUE
 ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
 {
@@ -167,6 +175,7 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
 CONF *conf;
 CONF_VALUE *sv, *cv;
 
+ rb_ossl_config_modify_check(self);
 StringValue(section);
 StringValue(name);
 StringValue(value);
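Review bot: The helper added after `ossl_config_initialize` is named `rb_ossl_config_modify_check`, yet it is a file-local `static` function and the other functions visible in this file use the `ossl_config_` prefix; `ossl_config_modify_check` would leave the `rb_` namespace to interpreter API. It also has no comment stating the rule it enforces, so I would add above it `/* Raise if config is frozen, or if it is untainted while the safe level is >= 4; call before any write to the underlying CONF. */`. The diffstat lists no test file, so the frozen and safe-level paths appear to be untested by this commit.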
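Review bot: In `ossl_config_add_value` the modify check runs before the three `StringValue()` conversions, and `StringValue` can call a user-defined `to_str`, so the receiver's frozen state may change between the check and the write to the CONF later in the function (that write is outside this hunk). Placing the call after the conversions closes that gap: `StringValue(value);` followed by `rb_ossl_config_modify_check(self);`. Separately, the ChangeLog entry names `ossl_config_add_value_m` and `$SECURE`, while this hunk's header shows the check landing in `ossl_config_add_value` and the helper tests `rb_safe_level()`; the entry should match the code.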
@@ -247,6 +256,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash)
 {
 VALUE arg[2];
 
+ rb_ossl_config_modify_check(self);
 arg[0] = self;
 arg[1] = section;
 rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg);
diff --git a/version.h b/version.h
index 58bb8a229d..b74e935fda 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
 #define RUBY_RELEASE_DATE "2009-11-18"
 #define RUBY_VERSION_CODE 187
 #define RUBY_RELEASE_CODE 20091118
-#define RUBY_PATCHLEVEL 211
+#define RUBY_PATCHLEVEL 212
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
-- cgit v1.2.3
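Review bot: The check in `ossl_config_set_section` is made once, before `rb_block_call(hash, rb_intern("each"), ...)` hands control to the `each` method of a caller-supplied object, so by itself it only covers the receiver's state at entry. Whether every pair is checked again depends on `set_conf_section_i`, which is outside this hunk; if it goes through `ossl_config_add_value`, the per-call check added there covers the iteration and this line is a fail-fast that also catches an empty hash. A comment would make that intent explicit, for example `/* fail early; each pair is checked again in ossl_config_add_value */`, and it is worth confirming that `set_conf_section_i` has no write path that bypasses the check.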