merge revision(s) 40728:

* ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when $SAFE > 0. * ext/fiddle/function.c (function_call): check tainted when $SAFE > 0. * test/fiddle/test_func.rb (module Fiddle): add test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@40729 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-18 01:54:00 +02:00 · 2013-05-14 11:13:40 +00:00 · 2013-05-14 11:13:40 +00:00 · 19f0852363
commit 19f0852363
parent 25e5b66798
5 changed files with 33 additions and 3 deletions
--- a/test/fiddle/test_func.rb
+++ b/test/fiddle/test_func.rb
@ -7,6 +7,16 @@ module Fiddle
      assert_nil f.call(10)
    end

+    def test_syscall_with_tainted_string
+      f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
+      assert_raises(SecurityError) do
+        Thread.new {
+          $SAFE = 1
+          f.call("uname -rs".taint)
+        }.join
+      end
+    end
+
    def test_sinf
      begin
        f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)