merges r21917, r21955 and r21974 from trunk into ruby_1_9_1.

* load.c (rb_require_safe): raises when the path to be loaded is tainted. [ruby-dev:37843] --- * file.c (rb_find_file_ext): should not be infected from other load paths. --- * adds a test case for r21955 and r21917. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@22500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-15 16:44:01 +02:00 · 2009-02-22 04:30:22 +00:00 · 2009-02-22 04:30:22 +00:00 · abc40f03ef
commit abc40f03ef
parent cb2f0c9d14
4 changed files with 62 additions and 1 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+Mon Feb  2 17:05:55 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* file.c (rb_find_file_ext): should not be infected from other
+	  load paths.
+
+Sat Jan 31 19:09:30 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* load.c (rb_require_safe): raises when the path to be loaded is
+	  tainted.  [ruby-dev:37843]
+
 Mon Feb  2 08:12:50 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* lib/xmlrpc/server.rb (Server#serve): gets rid of hardcoded
--- a/file.c
+++ b/file.c
@ -4551,6 +4551,7 @@ rb_find_file_ext(VALUE *filep, const char *const *ext)
 		*filep = tmp;
 		return j+1;
 	    }
+	    FL_UNSET(tmp, FL_TAINT | FL_UNTRUSTED);
 	}
 	rb_str_set_len(fname, fnlen);
    }
--- a/load.c
+++ b/load.c
@ -554,13 +554,17 @@ rb_require_safe(VALUE fname, int safe)
 	rb_set_safe_level_force(safe);
 	FilePathValue(fname);
 	RB_GC_GUARD(fname) = rb_str_new4(fname);
+	rb_set_safe_level_force(0);
 	found = search_required(fname, &path);
 	if (found) {
 	    if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) {
 		result = Qfalse;
 	    }
 	    else {
-		rb_set_safe_level_force(0);
+		if (safe > 0 && OBJ_TAINTED(path)) {
+		    rb_raise(rb_eSecurityError, "cannot load from insecure path - %s",
+			     RSTRING_PTR(path));
+		}
 		switch (found) {
 		  case 'r':
 		    rb_load(path, 0);
--- a/test/ruby/test_require.rb
+++ b/test/ruby/test_require.rb
@ -195,4 +195,50 @@ class TestRequire < Test::Unit::TestCase

    assert_raise(ArgumentError) { at_exit }
  end
+
+  def test_tainted_loadpath
+    t = Tempfile.new(["test_ruby_test_require", ".rb"])
+    abs_dir, file = File.dirname(t.path), File.basename(t.path)
+    abs_dir = File.expand_path(abs_dir).untaint
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir
+      require "#{ file }"
+      p :ok
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir.taint
+      require "#{ file }"
+      p :ok
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir.taint
+      $SAFE = 1
+      begin
+        require "#{ file }"
+      rescue SecurityError
+        p :ok
+      end
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir.taint
+      $SAFE = 1
+      require "#{ t.path }"
+      p :ok
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir << 'elsewhere'.taint
+      require "#{ file }"
+      p :ok
+    INPUT
+  end
 end