archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-15 13:39:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

merge revision(s) 38357,38363: [Backport #7325]

Browse source 
* marshal.c (r_entry0): don't taint classes and modules because
	  Marshal.load just return the dumped classes and modules.
	  [Bug #7325] [ruby-core:49198]

	* test/ruby/test_marshal.rb: related test.
	  Marshal.load just returns the dumped classes and modules.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@38468 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
usa 2012-12-19 12:13:19 +00:00
parent a747366aec
commit 60e7104fd8
4 changed files with 31 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ChangeLog
View file

@ -1,3 +1,11 @@
Wed Dec 19 21:12:49 2012 Shugo Maeda <shugo@ruby-lang.org>
* marshal.c (r_entry0): don't taint classes and modules because
Marshal.load just returns the dumped classes and modules.
[Bug #7325] [ruby-core:49198]
* test/ruby/test_marshal.rb: related test.
Tue Dec 11 19:19:33 2012 Luis Lavena <luislavena@gmail.com> Tue Dec 11 19:19:33 2012 Luis Lavena <luislavena@gmail.com>
* win32/file.c (replace_to_long_name): correct logic around wildcard * win32/file.c (replace_to_long_name): correct logic around wildcard

3
marshal.c
View file

@ -1214,7 +1214,8 @@ r_entry0(VALUE v, st_index_t num, struct load_arg *arg)
else { else {
st_insert(arg->data, num, (st_data_t)v); st_insert(arg->data, num, (st_data_t)v);
} }
if (arg->infection) { if (arg->infection &&
TYPE(v) != T_CLASS && TYPE(v) != T_MODULE) {
FL_SET(v, arg->infection); FL_SET(v, arg->infection);
if ((VALUE)real_obj != Qundef) if ((VALUE)real_obj != Qundef)
FL_SET((VALUE)real_obj, arg->infection); FL_SET((VALUE)real_obj, arg->infection);

18
test/ruby/test_marshal.rb
View file

@ -483,4 +483,22 @@ class TestMarshal < Test::Unit::TestCase
assert_equal(Rational(1, 2), Marshal.load("\x04\bU:\rRational[\ai\x06i\a")) assert_equal(Rational(1, 2), Marshal.load("\x04\bU:\rRational[\ai\x06i\a"))
assert_raise(ArgumentError){Marshal.load("\x04\bU:\rRational[\bi\x00i\x00i\x00")} assert_raise(ArgumentError){Marshal.load("\x04\bU:\rRational[\bi\x00i\x00i\x00")}
end end
class TestClass
end
module TestModule
end
def test_marshal_load_should_not_taint_classes
bug7325 = '[ruby-core:49198]'
for c in [TestClass, TestModule]
assert(!c.tainted?)
assert(!c.untrusted?)
c2 = Marshal.load(Marshal.dump(c).taint.untrust)
assert_same(c, c2)
assert(!c.tainted?, bug7325)
assert(!c.untrusted?, bug7325)
end
end
end end

6
version.h
View file

@ -1,10 +1,10 @@
#define RUBY_VERSION "1.9.3" #define RUBY_VERSION "1.9.3"
#define RUBY_PATCHLEVEL 341 #define RUBY_PATCHLEVEL 342
#define RUBY_RELEASE_DATE "2012-12-13" #define RUBY_RELEASE_DATE "2012-12-19"
#define RUBY_RELEASE_YEAR 2012 #define RUBY_RELEASE_YEAR 2012
#define RUBY_RELEASE_MONTH 12 #define RUBY_RELEASE_MONTH 12
#define RUBY_RELEASE_DAY 13 #define RUBY_RELEASE_DAY 19
#include "ruby/version.h" #include "ruby/version.h"