From b982cff67c1e7e879b4532f496c40d9ebd3b1c0d Mon Sep 17 00:00:00 2001
From: ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 17 Aug 2007 12:25:47 +0000
Subject: * eval.c (rb_call), eval_method.ci (rb_add_method, rb_alias),  
 insnhelper.ci (vm_call_method): fix to save safelevel for   method node. *
 include/ruby/node.h: ditto. * bootstraptest/test_method.rb: add a test for
 above.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@13079 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                    | 10 ++++++++++
 bootstraptest/test_method.rb | 44 ++++++++++++++++++++++++++++++++++++++++++++
 eval.c                       | 39 ++++++++++++++++++++++++---------------
 eval_method.ci               |  4 ++--
 include/ruby/node.h          |  4 ++++
 insnhelper.ci                | 36 ++++++++++++++++++++++--------------
 6 files changed, 106 insertions(+), 31 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c434b4e0ac..39e6c5b01d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+Fri Aug 17 21:20:44 2007  Koichi Sasada  <ko1@atdot.net>
+
+	* eval.c (rb_call), eval_method.ci (rb_add_method, rb_alias),
+	  insnhelper.ci (vm_call_method): fix to save safelevel for
+	  method node.
+
+	* include/ruby/node.h: ditto.
+
+	* bootstraptest/test_method.rb: add a test for above.
+
 Fri Aug 17 16:02:50 2007  Koichi Sasada  <ko1@atdot.net>
 
 	* thread.c (rb_thread_terminate_all): fix to ignore
diff --git a/bootstraptest/test_method.rb b/bootstraptest/test_method.rb
index 7f20bf5a95..28fee41d1b 100644
--- a/bootstraptest/test_method.rb
+++ b/bootstraptest/test_method.rb
@@ -860,5 +860,49 @@ class C0; def m *args; [:C0_m, args]; end; end
 class C1 < C0; def m a, o=:o; super; end; end
 ; C1.new.m 1, 2}
 
+assert_equal %q{[:ok, :ok, :ok, :ok, :ok, :ok, :ng, :ng]}, %q{
+  $ans = []
+  class Foo
+    def m
+    end
+  end
+
+  alias funcall send unless defined? funcall
+
+  c1 = c2 = nil
+
+  lambda{
+    $SAFE = 4
+    c1 = Class.new{
+      def m
+      end
+    }
+    c2 = Class.new(Foo){
+      alias mm m
+    }
+  }.call
+
+  def test
+    begin
+      yield
+    rescue SecurityError
+      $ans << :ok
+    else
+      $ans << :ng
+    end
+  end
 
+  o1 = c1.new
+  o2 = c2.new
+  
+  test{o1.m}
+  test{o2.mm}
+  test{o1.send :m}
+  test{o2.send :mm}
+  test{o1.funcall :m}
+  test{o2.funcall :mm}
+  test{o1.method(:m).call}
+  test{o2.method(:mm).call}
+  $ans
+}
 
diff --git a/eval.c b/eval.c
index a71bff20a4..1729079d6d 100644
--- a/eval.c
+++ b/eval.c
@@ -1343,6 +1343,7 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
     int noex;
     ID id = mid;
     struct cache_entry *ent;
+    rb_thread_t *th = GET_THREAD();
 
     if (!klass) {
 	rb_raise(rb_eNotImpError,
@@ -1351,6 +1352,7 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
     }
     /* is it in the method cache? */
     ent = cache + EXPR1(klass, mid);
+
     if (ent->mid == mid && ent->klass == klass) {
 	if (!ent->method)
 	    return method_missing(recv, mid, argc, argv,
@@ -1372,23 +1374,31 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
 	return method_missing(recv, mid, argc, argv,
 			      scope == 2 ? NOEX_VCALL : 0);
     }
+    
+
     if (mid != missing) {
 	/* receiver specified form for private method */
-	if (((noex & NOEX_MASK) & NOEX_PRIVATE) && scope == 0) {
-	    return method_missing(recv, mid, argc, argv, NOEX_PRIVATE);
-	}
-
-	/* self must be kind of a specified form for protected method */
-	if (((noex & NOEX_MASK) & NOEX_PROTECTED) && scope == 0) {
-	    VALUE defined_class = klass;
+	if (UNLIKELY(noex)) {
+	    if (((noex & NOEX_MASK) & NOEX_PRIVATE) && scope == 0) {
+		return method_missing(recv, mid, argc, argv, NOEX_PRIVATE);
+	    }
 
-	    if (TYPE(defined_class) == T_ICLASS) {
-		defined_class = RBASIC(defined_class)->klass;
+	    /* self must be kind of a specified form for protected method */
+	    if (((noex & NOEX_MASK) & NOEX_PROTECTED) && scope == 0) {
+		VALUE defined_class = klass;
+		
+		if (TYPE(defined_class) == T_ICLASS) {
+		    defined_class = RBASIC(defined_class)->klass;
+		}
+		
+		if (!rb_obj_is_kind_of(rb_frame_self(),
+				       rb_class_real(defined_class))) {
+		    return method_missing(recv, mid, argc, argv, NOEX_PROTECTED);
+		}
 	    }
 
-	    if (!rb_obj_is_kind_of(rb_frame_self(),
-				   rb_class_real(defined_class))) {
-		return method_missing(recv, mid, argc, argv, NOEX_PROTECTED);
+	    if (NOEX_SAFE(noex) > th->safe_level) {
+		rb_raise(rb_eSecurityError, "calling insecure method: %s", rb_id2name(mid));
 	    }
 	}
     }
@@ -1403,9 +1413,8 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
 	//level++;
 	//printf("%s with %d args\n", rb_id2name(mid), argc);
 	*/
-	val =
-	    vm_call0(GET_THREAD(), klass, recv, mid, id, argc, argv, body,
-		     noex & NOEX_NOSUPER);
+	val = vm_call0(th, klass, recv, mid, id, argc, argv, body,
+		       noex & NOEX_NOSUPER);
 	/*
 	//level--;
 	//for(i=0; i<level; i++){printf("  ");}
diff --git a/eval_method.ci b/eval_method.ci
index f91e89c034..5a30596198 100644
--- a/eval_method.ci
+++ b/eval_method.ci
@@ -132,7 +132,7 @@ rb_add_method(VALUE klass, ID mid, NODE * node, int noex)
      *   nd_cnt  : alias count           // (3)
      */
     if (node) {
-	body = NEW_FBODY(NEW_METHOD(node, klass, noex), 0);
+	body = NEW_FBODY(NEW_METHOD(node, klass, NOEX_WITH_SAFE(noex)), 0);
     }
     else {
 	body = 0;
@@ -580,7 +580,7 @@ rb_alias(VALUE klass, ID name, ID def)
 	      (st_data_t) NEW_FBODY(
 		  NEW_METHOD(orig_fbody->nd_body->nd_body,
 			     orig_fbody->nd_body->nd_clss,
-			     orig_fbody->nd_body->nd_noex), def));
+			     NOEX_WITH_SAFE(orig_fbody->nd_body->nd_noex)), def));
 
     rb_clear_cache_by_id(name);
 
diff --git a/include/ruby/node.h b/include/ruby/node.h
index 73c499b61c..e3722e0c41 100644
--- a/include/ruby/node.h
+++ b/include/ruby/node.h
@@ -484,6 +484,10 @@ enum ruby_node_flags {
 #define NOEX_SUPER     0x20
 #define NOEX_VCALL     0x40
 
+#define NOEX_SAFE(n) (((n) >> 8) & 0x0F)
+#define NOEX_WITH(n, s) ((s << 8) | n)
+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, rb_safe_level())
+
 VALUE rb_parser_new(void);
 VALUE rb_parser_end_seen_p(VALUE);
 
diff --git a/insnhelper.ci b/insnhelper.ci
index bb87a432a7..8f71703cb6 100644
--- a/insnhelper.ci
+++ b/insnhelper.ci
@@ -487,23 +487,31 @@ vm_call_method(rb_thread_t *th, rb_control_frame_t *cfp,
 	    val = vm_method_missing(th, id, recv, num, blockptr, stat);
 	}
     }
-    else if (!(flag & VM_CALL_FCALL_BIT) &&
-	     (mn->nd_noex & NOEX_MASK) & NOEX_PRIVATE) {
-	int stat = NOEX_PRIVATE;
-	if (flag & VM_CALL_VCALL_BIT) {
-	    stat |= NOEX_VCALL;
+    else if (UNLIKELY(mn->nd_noex)) {
+	if (!(flag & VM_CALL_FCALL_BIT) &&
+	    (mn->nd_noex & NOEX_MASK) & NOEX_PRIVATE) {
+	    int stat = NOEX_PRIVATE;
+	    if (flag & VM_CALL_VCALL_BIT) {
+		stat |= NOEX_VCALL;
+	    }
+	    val = vm_method_missing(th, id, recv, num, blockptr, stat);
 	}
-	val = vm_method_missing(th, id, recv, num, blockptr, stat);
-    }
-    else if ((mn->nd_noex & NOEX_MASK) & NOEX_PROTECTED) {
-	VALUE defined_class = mn->nd_clss;
+	else if ((mn->nd_noex & NOEX_MASK) & NOEX_PROTECTED) {
+	    VALUE defined_class = mn->nd_clss;
 
-	if (TYPE(defined_class) == T_ICLASS) {
-	    defined_class = RBASIC(defined_class)->klass;
-	}
+	    if (TYPE(defined_class) == T_ICLASS) {
+		defined_class = RBASIC(defined_class)->klass;
+	    }
 
-	if (!rb_obj_is_kind_of(cfp->self, rb_class_real(defined_class))) {
-	    val = vm_method_missing(th, id, recv, num, blockptr, NOEX_PROTECTED);
+	    if (!rb_obj_is_kind_of(cfp->self, rb_class_real(defined_class))) {
+		val = vm_method_missing(th, id, recv, num, blockptr, NOEX_PROTECTED);
+	    }
+	    else {
+		goto normal_method_dispatch;
+	    }
+	}
+	else if (NOEX_SAFE(mn->nd_noex) > th->safe_level) {
+	    rb_raise(rb_eSecurityError, "calling insecure method: %s", rb_id2name(id));
 	}
 	else {
 	    goto normal_method_dispatch;
-- 
cgit v1.2.3