archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-15 13:39:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

merge revision(s) 46547: [Backport #9976]

Browse source 
* hash.c (env_aset, env_has_key, env_assoc, env_has_value),
	  (env_rassoc, env_key): prohibit tainted strings if $SAFE is
	  non-zero.  [Bug #9976]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@47492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
usa 2014-09-10 02:42:11 +00:00
parent 7fdb955c36
commit 5483a6b8fe
4 changed files with 99 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog
View file

@ -1,3 +1,9 @@
Wed Sep 10 11:39:54 2014 Nobuyoshi Nakada <nobu@ruby-lang.org>
* hash.c (env_aset, env_has_key, env_assoc, env_has_value),
(env_rassoc, env_key): prohibit tainted strings if $SAFE is
non-zero. [Bug #9976]
Sat Sep 6 09:10:45 2014 Zachary Scott <e@zzak.io>
* lib/rdoc/generator/template/darkfish/js/jquery.js: Backport

14
hash.c
View file

@ -2547,8 +2547,8 @@ env_aset(VALUE obj, VALUE nm, VALUE val)
env_delete(obj, nm);
return Qnil;
}
StringValue(nm);
StringValue(val);
SafeStringValue(nm);
SafeStringValue(val);
name = RSTRING_PTR(nm);
value = RSTRING_PTR(val);
if (memchr(name, '\0', RSTRING_LEN(nm)))
@ -3048,7 +3048,8 @@ env_has_key(VALUE env, VALUE key)
char *s;
rb_secure(4);
s = StringValuePtr(key);
SafeStringValue(key);
s = RSTRING_PTR(key);
if (memchr(s, '\0', RSTRING_LEN(key)))
rb_raise(rb_eArgError, "bad environment variable name");
if (getenv(s)) return Qtrue;
@ -3068,7 +3069,8 @@ env_assoc(VALUE env, VALUE key)
char *s, *e;
rb_secure(4);
s = StringValuePtr(key);
SafeStringValue(key);
s = RSTRING_PTR(key);
if (memchr(s, '\0', RSTRING_LEN(key)))
rb_raise(rb_eArgError, "bad environment variable name");
e = getenv(s);
@ -3091,6 +3093,7 @@ env_has_value(VALUE dmy, VALUE obj)
rb_secure(4);
obj = rb_check_string_type(obj);
if (NIL_P(obj)) return Qnil;
rb_check_safe_obj(obj);
env = GET_ENVIRON(environ);
while (*env) {
char *s = strchr(*env, '=');
@ -3122,6 +3125,7 @@ env_rassoc(VALUE dmy, VALUE obj)
rb_secure(4);
obj = rb_check_string_type(obj);
if (NIL_P(obj)) return Qnil;
rb_check_safe_obj(obj);
env = GET_ENVIRON(environ);
while (*env) {
char *s = strchr(*env, '=');
@ -3153,7 +3157,7 @@ env_key(VALUE dmy, VALUE value)
VALUE str;
rb_secure(4);
StringValue(value);
SafeStringValue(value);
env = GET_ENVIRON(environ);
while (*env) {
char *s = strchr(*env, '=');

81
test/ruby/test_env.rb
View file

@ -448,4 +448,85 @@ class TestEnv < Test::Unit::TestCase
end;
end
end
def test_taint_aref
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV["FOO".taint]
end.call
end
end
def test_taint_fetch
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV.fetch("FOO".taint)
end.call
end
end
def test_taint_assoc
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV.assoc("FOO".taint)
end.call
end
end
def test_taint_rassoc
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV.rassoc("FOO".taint)
end.call
end
end
def test_taint_key
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV.key("FOO".taint)
end.call
end
end
def test_taint_key_p
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV.key?("FOO".taint)
end.call
end
end
def test_taint_value_p
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV.value?("FOO".taint)
end.call
end
end
def test_taint_aset_value
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV["FOO"] = "BAR".taint
end.call
end
end
def test_taint_aset_key
assert_raise(SecurityError) do
proc do
$SAFE = 2
ENV["FOO".taint] = "BAR"
end.call
end
end
end

6
version.h
View file

@ -1,10 +1,10 @@
#define RUBY_VERSION "2.0.0"
#define RUBY_RELEASE_DATE "2014-09-06"
#define RUBY_PATCHLEVEL 556
#define RUBY_RELEASE_DATE "2014-09-10"
#define RUBY_PATCHLEVEL 557
#define RUBY_RELEASE_YEAR 2014
#define RUBY_RELEASE_MONTH 9
#define RUBY_RELEASE_DAY 6
#define RUBY_RELEASE_DAY 10
#include "ruby/version.h"