merge revision(s): 53153 and 23405@ruby_1_9_1
* ext/fiddle/handle.c: check tainted string arguments. Patch provided by tenderlove and nobu. * test/fiddle/test_handle.rb (class TestHandle): add test for above. * ext/dl/handle.c (rb_dlhandle_initialize): prohibits DL::dlopen with a tainted name of library. Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>. * ext/dl/handle.c (rb_dlhandle_sym): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@53161 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
0bdadc5b7e
commit
073cc5e815
15
ChangeLog
15
ChangeLog
|
@ -1,3 +1,18 @@
|
|||
Wed Dec 16 21:16:55 2015 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
|
||||
|
||||
* ext/fiddle/handle.c: check tainted string arguments.
|
||||
Patch provided by tenderlove and nobu.
|
||||
|
||||
* test/fiddle/test_handle.rb (class TestHandle): add test for above.
|
||||
|
||||
Wed Dec 16 21:16:55 2015 Yuki Sonoda (Yugui) <yugui@yugui.jp>
|
||||
|
||||
* ext/dl/handle.c (rb_dlhandle_initialize): prohibits DL::dlopen
|
||||
with a tainted name of library.
|
||||
Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.
|
||||
|
||||
* ext/dl/handle.c (rb_dlhandle_sym): ditto
|
||||
|
||||
Tue Aug 18 22:00:12 2015 SHIBATA Hiroshi <hsbt@ruby-lang.org>
|
||||
|
||||
* lib/rubygems.rb: bump version to 2.0.14.1. this version fixed
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
#include <ruby.h>
|
||||
#include "dl.h"
|
||||
|
||||
#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v))
|
||||
|
||||
VALUE rb_cDLHandle;
|
||||
|
||||
#ifdef _WIN32
|
||||
|
@ -132,11 +134,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self)
|
|||
cflag = RTLD_LAZY | RTLD_GLOBAL;
|
||||
break;
|
||||
case 1:
|
||||
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
|
||||
clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
|
||||
cflag = RTLD_LAZY | RTLD_GLOBAL;
|
||||
break;
|
||||
case 2:
|
||||
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
|
||||
clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
|
||||
cflag = NUM2INT(flag);
|
||||
break;
|
||||
default:
|
||||
|
@ -265,13 +267,16 @@ VALUE
|
|||
rb_dlhandle_sym(VALUE self, VALUE sym)
|
||||
{
|
||||
struct dl_handle *dlhandle;
|
||||
const char *name;
|
||||
|
||||
name = SafeStringValuePtr(sym);
|
||||
|
||||
TypedData_Get_Struct(self, struct dl_handle, &dlhandle_data_type, dlhandle);
|
||||
if( ! dlhandle->open ){
|
||||
rb_raise(rb_eDLError, "closed handle");
|
||||
}
|
||||
|
||||
return dlhandle_sym(dlhandle->ptr, StringValueCStr(sym));
|
||||
return dlhandle_sym(dlhandle->ptr, name);
|
||||
}
|
||||
|
||||
#ifndef RTLD_NEXT
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#include <ruby.h>
|
||||
#include <fiddle.h>
|
||||
|
||||
#define SafeStringValueCStr(v) (rb_check_safe_obj(rb_string_value(&v)), StringValueCStr(v))
|
||||
|
||||
VALUE rb_cHandle;
|
||||
|
||||
struct dl_handle {
|
||||
|
@ -135,11 +137,11 @@ rb_fiddle_handle_initialize(int argc, VALUE argv[], VALUE self)
|
|||
cflag = RTLD_LAZY | RTLD_GLOBAL;
|
||||
break;
|
||||
case 1:
|
||||
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
|
||||
clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
|
||||
cflag = RTLD_LAZY | RTLD_GLOBAL;
|
||||
break;
|
||||
case 2:
|
||||
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
|
||||
clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
|
||||
cflag = NUM2INT(flag);
|
||||
break;
|
||||
default:
|
||||
|
@ -255,7 +257,7 @@ rb_fiddle_handle_to_i(VALUE self)
|
|||
return PTR2NUM(fiddle_handle);
|
||||
}
|
||||
|
||||
static VALUE fiddle_handle_sym(void *handle, const char *symbol);
|
||||
static VALUE fiddle_handle_sym(void *handle, VALUE symbol);
|
||||
|
||||
/*
|
||||
* Document-method: sym
|
||||
|
@ -274,7 +276,7 @@ rb_fiddle_handle_sym(VALUE self, VALUE sym)
|
|||
rb_raise(rb_eFiddleError, "closed handle");
|
||||
}
|
||||
|
||||
return fiddle_handle_sym(fiddle_handle->ptr, StringValueCStr(sym));
|
||||
return fiddle_handle_sym(fiddle_handle->ptr, sym);
|
||||
}
|
||||
|
||||
#ifndef RTLD_NEXT
|
||||
|
@ -297,11 +299,11 @@ rb_fiddle_handle_sym(VALUE self, VALUE sym)
|
|||
static VALUE
|
||||
rb_fiddle_handle_s_sym(VALUE self, VALUE sym)
|
||||
{
|
||||
return fiddle_handle_sym(RTLD_NEXT, StringValueCStr(sym));
|
||||
return fiddle_handle_sym(RTLD_NEXT, sym);
|
||||
}
|
||||
|
||||
static VALUE
|
||||
fiddle_handle_sym(void *handle, const char *name)
|
||||
fiddle_handle_sym(void *handle, VALUE symbol)
|
||||
{
|
||||
#if defined(HAVE_DLERROR)
|
||||
const char *err;
|
||||
|
@ -310,6 +312,7 @@ fiddle_handle_sym(void *handle, const char *name)
|
|||
# define CHECK_DLERROR
|
||||
#endif
|
||||
void (*func)();
|
||||
const char *name = SafeStringValueCStr(symbol);
|
||||
|
||||
rb_secure(2);
|
||||
#ifdef HAVE_DLERROR
|
||||
|
@ -359,7 +362,7 @@ fiddle_handle_sym(void *handle, const char *name)
|
|||
}
|
||||
#endif
|
||||
if( !func ){
|
||||
rb_raise(rb_eFiddleError, "unknown symbol \"%s\"", name);
|
||||
rb_raise(rb_eFiddleError, "unknown symbol \"%"PRIsVALUE"\"", symbol);
|
||||
}
|
||||
|
||||
return PTR2NUM(func);
|
||||
|
|
|
@ -10,6 +10,23 @@ module Fiddle
|
|||
|
||||
include Test::Unit::Assertions
|
||||
|
||||
def test_safe_handle_open
|
||||
t = Thread.new do
|
||||
$SAFE = 1
|
||||
Fiddle::Handle.new(LIBC_SO.taint)
|
||||
end
|
||||
assert_raise(SecurityError) { t.value }
|
||||
end
|
||||
|
||||
def test_safe_function_lookup
|
||||
t = Thread.new do
|
||||
h = Fiddle::Handle.new(LIBC_SO)
|
||||
$SAFE = 1
|
||||
h["qsort".taint]
|
||||
end
|
||||
assert_raise(SecurityError) { t.value }
|
||||
end
|
||||
|
||||
def test_to_i
|
||||
handle = Fiddle::Handle.new(LIBC_SO)
|
||||
assert_kind_of Integer, handle.to_i
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
#define RUBY_VERSION "2.0.0"
|
||||
#define RUBY_RELEASE_DATE "2015-08-18"
|
||||
#define RUBY_PATCHLEVEL 647
|
||||
#define RUBY_RELEASE_DATE "2015-12-16"
|
||||
#define RUBY_PATCHLEVEL 648
|
||||
|
||||
#define RUBY_RELEASE_YEAR 2015
|
||||
#define RUBY_RELEASE_MONTH 8
|
||||
#define RUBY_RELEASE_DAY 18
|
||||
#define RUBY_RELEASE_MONTH 12
|
||||
#define RUBY_RELEASE_DAY 16
|
||||
|
||||
#include "ruby/version.h"
|
||||
|
||||
|
|
Loading…
Reference in New Issue