archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-20 19:14:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

merge revision(s) 33201,33249,33328: [Backport #5564]

Browse source 
* encoding.c (load_encoding): predefined encoding names are safe.
	  [ruby-dev:44469] [Bug #5279]

	* transcode.c (load_transcoder_entry): ditto.

	* encoding.c (require_enc): reject only loading from untrusted
	  load paths.  [ruby-dev:44541] [Bug #5279]

	* transcode.c (load_transcoder_entry): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@34465 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
naruse 2012-02-08 00:40:44 +00:00
parent 911e4ee15a
commit b7f40d86af
5 changed files with 24 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

14
ChangeLog
View file

@ -1,3 +1,17 @@
Wed Feb 8 09:36:42 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* encoding.c (require_enc): reject only loading from untrusted
load paths. [ruby-dev:44541] [Bug #5279]
* transcode.c (load_transcoder_entry): ditto.
Wed Feb 8 09:36:42 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* encoding.c (load_encoding): predefined encoding names are safe.
[ruby-dev:44469] [Bug #5279]
* transcode.c (load_transcoder_entry): ditto.
Tue Feb 7 14:29:16 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> Tue Feb 7 14:29:16 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* st.c (st_foreach): should not yield same pair when checking * st.c (st_foreach): should not yield same pair when checking

3
encoding.c
View file

@ -536,7 +536,8 @@ rb_enc_registered(const char *name)
static VALUE static VALUE
require_enc(VALUE enclib) require_enc(VALUE enclib)
{ {
return rb_require_safe(enclib, rb_safe_level()); int safe = rb_safe_level();
return rb_require_safe(enclib, safe > 3 ? 3 : safe);
} }
static int static int

14
test/ruby/test_encoding.rb
View file

@ -50,6 +50,9 @@ class TestEncoding < Test::Unit::TestCase
exit Encoding.find("filesystem") == Encoding::EUC_JP exit Encoding.find("filesystem") == Encoding::EUC_JP
EOS EOS
end end
bug5150 = '[ruby-dev:44327]'
assert_raise(TypeError, bug5150) {Encoding.find(1)}
end end
def test_replicate def test_replicate
@ -96,15 +99,4 @@ class TestEncoding < Test::Unit::TestCase
str2 = Marshal.load(Marshal.dump(str2)) str2 = Marshal.load(Marshal.dump(str2))
assert_equal(str, str2, '[ruby-dev:38596]') assert_equal(str, str2, '[ruby-dev:38596]')
end end
def test_unsafe
bug5279 = '[ruby-dev:44469]'
assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)
end
def test_compatible_p
ua = "abc".force_encoding(Encoding::UTF_8)
assert_equal(Encoding::UTF_8, Encoding.compatible?(ua, :abc))
assert_equal(nil, Encoding.compatible?(ua, 1))
end
end end

3
transcode.c
View file

@ -369,6 +369,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
size_t len = strlen(lib); size_t len = strlen(lib);
char path[sizeof(transcoder_lib_prefix) + MAX_TRANSCODER_LIBNAME_LEN]; char path[sizeof(transcoder_lib_prefix) + MAX_TRANSCODER_LIBNAME_LEN];
VALUE fn; VALUE fn;
const int safe = rb_safe_level();
entry->lib = NULL; entry->lib = NULL;
@ -379,7 +380,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
fn = rb_str_new2(path); fn = rb_str_new2(path);
FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED); FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
OBJ_FREEZE(fn); OBJ_FREEZE(fn);
if (!rb_require_safe(fn, rb_safe_level())) if (!rb_require_safe(fn, safe > 3 ? 3 : safe))
return NULL; return NULL;
} }

6
version.h
View file

@ -1,10 +1,10 @@
#define RUBY_VERSION "1.9.3" #define RUBY_VERSION "1.9.3"
#define RUBY_PATCHLEVEL 50 #define RUBY_PATCHLEVEL 51
#define RUBY_RELEASE_DATE "2012-02-07" #define RUBY_RELEASE_DATE "2012-02-08"
#define RUBY_RELEASE_YEAR 2012 #define RUBY_RELEASE_YEAR 2012
#define RUBY_RELEASE_MONTH 2 #define RUBY_RELEASE_MONTH 2
#define RUBY_RELEASE_DAY 7 #define RUBY_RELEASE_DAY 8
#include "ruby/version.h" #include "ruby/version.h"