From bede15ac5e701ed08f3fc64c2dba03d3f393c652 Mon Sep 17 00:00:00 2001
From: usa
Date: Tue, 14 May 2013 11:27:08 +0000
Subject: merge revision(s) 40728:
* ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when $SAFE > 0.
* ext/fiddle/function.c (function_call): check tainted when $SAFE > 0.
* test/fiddle/test_func.rb (module Fiddle): add test for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@40732 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 8 ++++++++
 ext/dl/lib/dl/func.rb | 3 +++
 ext/fiddle/function.c | 9 +++++++++
 version.h | 2 +-
 4 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 46ee9107fa..15b5867d7d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Tue May 14 20:25:58 2013 CHIKANAGA Tomoyuki
+
+ * ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when
+ $SAFE > 0.
+ * ext/fiddle/function.c (function_call): check tainted when $SAFE > 0.
+ * test/fiddle/test_func.rb (module Fiddle): add test for above.
+
+
 Tue May 14 11:36:22 2013 Shugo Maeda
 * lib/net/imap.rb (getacl_response): parse the mailbox of an ACL
diff --git a/ext/dl/lib/dl/func.rb b/ext/dl/lib/dl/func.rb
index 7b9b54f318..9a984ed2b7 100644
--- a/ext/dl/lib/dl/func.rb
+++ b/ext/dl/lib/dl/func.rb
@@ -92,6 +92,9 @@ module DL
 super
 else
 funcs = []
+ if $SAFE >= 1 && args.any? { |x| x.tainted? }
+ raise SecurityError, "tainted parameter not allowed"
+ end
 _args = wrap_args(args, @stack.types, funcs, &block)
 r = @cfunc.call(@stack.pack(_args))
 funcs.each{|f| f.unbind_at_call()}
diff --git a/ext/fiddle/function.c b/ext/fiddle/function.c
index ada37a4942..52f7695eb7 100644
--- a/ext/fiddle/function.c
+++ b/ext/fiddle/function.c
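Review bot: The new guard `args.any? { |x| x.tainted? }` in DL::Function#call inspects only each argument's own taint flag, so an untainted container — an Array assembled from tainted Strings, or a pointer object whose memory was filled from one — passes even though its contents came from tainted input; whether wrap_args then hands those contents to the native call cannot be seen in this hunk, so the check should either be documented as shallow or extended to cover what wrap_args actually unpacks. The C-side loop in ext/fiddle/function.c (`OBJ_TAINTED(src)` per `argv[i]`) has the same shape and the same limitation. A comment such as `# $SAFE >= 1: refuse tainted arguments before they reach native code (shallow: only the argument objects themselves are inspected)` would make both the intent and the limit explicit. The enclosing method starts and ends outside the hunk.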
@@ -101,6 +101,15 @@ function_call(int argc, VALUE argv[], VALUE self)
 TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif);
+ if (rb_safe_level() >= 1) {
+ for (i = 0; i < argc; i++) {
+ VALUE src = argv[i];
+ if (OBJ_TAINTED(src)) {
+ rb_raise(rb_eSecurityError, "tainted parameter not allowed");
+ }
+ }
+ }
+
 values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *));
 generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic));
diff --git a/version.h b/version.h
index 8defd4b1c3..cedab99dc7 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.3"
-#define RUBY_PATCHLEVEL 425
+#define RUBY_PATCHLEVEL 426
 #define RUBY_RELEASE_DATE "2013-05-14"
 #define RUBY_RELEASE_YEAR 2013
-- 
cgit v1.2.3
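Review bot: The ChangeLog entry and the commit message both say test/fiddle/test_func.rb gains a test for this check, but the diffstat lists only ChangeLog, ext/dl/lib/dl/func.rb, ext/fiddle/function.c and version.h, so this backport ships the fiddle guard (and the DL one) with no regression test in the commit; either the test hunk was dropped during the merge or it should land alongside. Placing the taint loop before the two `xcalloc` calls is the right order, because `rb_raise` does not return and would otherwise leak `values` and `generic_args`; that ordering is worth pinning with a comment, e.g. `/* Taint check must precede xcalloc(): rb_raise() does not return, so buffers allocated first would leak. */`. The loop reuses `i`, which is declared outside the hunk, and function_call's body starts and ends outside the hunk.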