merges r25017 from trunk into ruby_1_9_1 and a test for it.

-- * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377] -- * test/openssl/test_config.rb (OpenSSL::TestConfig): new test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@25945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-08-15 13:39:04 +02:00 · 2009-11-27 02:54:46 +00:00 · 2009-11-27 02:54:46 +00:00 · 19e6cfef5f
commit 19e6cfef5f
parent 5cef0eec38
4 changed files with 30 additions and 1 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Tue Sep 22 01:10:02 2009  Marc-Andre Lafortune  <ruby-core@marc-andre.ca>
+
+	* ossl_config.c (ossl_config_add_value_m, ossl_config_set_section):
+	  Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
+
 Sun Sep 20 11:11:34 2009  Marc-Andre Lafortune  <ruby-core@marc-andre.ca>

 	* struct.c (rb_struct_equal, rb_struct_eql): Handle comparison of
--- a/ext/openssl/ossl_config.c
+++ b/ext/openssl/ossl_config.c
@ -192,6 +192,14 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
 #endif
 }

+static void
+rb_ossl_config_modify_check(VALUE config)
+{
+    if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config");
+    if (!OBJ_UNTRUSTED(config) && rb_safe_level() >= 4)
+	rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config");
+}
+
 static VALUE
 ossl_config_get_value(VALUE self, VALUE section, VALUE name)
 {
@ -247,6 +255,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash)
 {
    VALUE arg[2];

+    rb_ossl_config_modify_check(self);
    arg[0] = self;
    arg[1] = section;
    rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg);
--- a/test/openssl/test_config.rb
+++ b/test/openssl/test_config.rb
@ -0,0 +1,15 @@
+require 'openssl'
+require "test/unit"
+
+class OpenSSL::TestConfig < Test::Unit::TestCase
+  def test_freeze
+    c = OpenSSL::Config.new
+    c['foo'] = [['key', 'value']]
+    c.freeze
+
+    # [ruby-core:18377]
+    assert_raise(RuntimeError, /frozen/) do
+      c['foo'] = [['key', 'wrong']]
+    end
+  end
+end
--- a/version.h
+++ b/version.h
@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.1"
-#define RUBY_PATCHLEVEL 346
+#define RUBY_PATCHLEVEL 347
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 9
 #define RUBY_VERSION_TEENY 1