archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-17 09:33:59 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

merge revision(s) 40728:

Browse source 
* ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when
	  $SAFE > 0.

	* ext/fiddle/function.c (function_call): check tainted when $SAFE > 0.

	* test/fiddle/test_func.rb (module Fiddle): add test for above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@40729 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nagachika 2013-05-14 11:13:40 +00:00
parent 25e5b66798
commit 19f0852363
5 changed files with 33 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ChangeLog
View file

@ -1,3 +1,11 @@
Tue May 14 20:11:00 2013 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
* ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when
$SAFE > 0.
* ext/fiddle/function.c (function_call): check tainted when $SAFE > 0.
* test/fiddle/test_func.rb (module Fiddle): add test for above.
Sun May 12 22:42:25 2013 KOSAKI Motohiro <kosaki.motohiro@gmail.com> Sun May 12 22:42:25 2013 KOSAKI Motohiro <kosaki.motohiro@gmail.com>
* signal.c (rb_f_kill): fixes typo. s/HAS_KILLPG/HAVE_KILLPG/. * signal.c (rb_f_kill): fixes typo. s/HAS_KILLPG/HAVE_KILLPG/.

3
ext/dl/lib/dl/func.rb
View file

@ -92,6 +92,9 @@ module DL
super super
else else
funcs = [] funcs = []
if $SAFE >= 1 && args.any? { |x| x.tainted? }
raise SecurityError, "tainted parameter not allowed"
end
_args = wrap_args(args, @stack.types, funcs, &block) _args = wrap_args(args, @stack.types, funcs, &block)
r = @cfunc.call(@stack.pack(_args)) r = @cfunc.call(@stack.pack(_args))
funcs.each{|f| f.unbind_at_call()} funcs.each{|f| f.unbind_at_call()}

9
ext/fiddle/function.c
View file

@ -126,6 +126,15 @@ function_call(int argc, VALUE argv[], VALUE self)
TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif); TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif);
if (rb_safe_level() >= 1) {
for (i = 0; i < argc; i++) {
VALUE src = argv[i];
if (OBJ_TAINTED(src)) {
rb_raise(rb_eSecurityError, "tainted parameter not allowed");
}
}
}
values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *)); values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *));
generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic)); generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic));

10
test/fiddle/test_func.rb
View file

@ -7,6 +7,16 @@ module Fiddle
assert_nil f.call(10) assert_nil f.call(10)
end end
def test_syscall_with_tainted_string
f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
assert_raises(SecurityError) do
Thread.new {
$SAFE = 1
f.call("uname -rs".taint)
}.join
end
end
def test_sinf def test_sinf
begin begin
f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT) f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)

6
version.h
View file

@ -1,10 +1,10 @@
#define RUBY_VERSION "2.0.0" #define RUBY_VERSION "2.0.0"
#define RUBY_RELEASE_DATE "2013-05-12" #define RUBY_RELEASE_DATE "2013-05-14"
#define RUBY_PATCHLEVEL 193 #define RUBY_PATCHLEVEL 194
#define RUBY_RELEASE_YEAR 2013 #define RUBY_RELEASE_YEAR 2013
#define RUBY_RELEASE_MONTH 5 #define RUBY_RELEASE_MONTH 5
#define RUBY_RELEASE_DAY 12 #define RUBY_RELEASE_DAY 14
#include "ruby/version.h" #include "ruby/version.h"