mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1033 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matz 2000-11-10 07:16:52 +00:00
parent 13f2744b2e
commit 087c83d7ce
6 changed files with 29 additions and 5 deletions


@ -1,3 +1,15 @@
Fri Nov 10 16:15:53 2000 Yukihiro Matsumoto <matz@ruby-lang.org>
* parse.y (yylex): eval("^") caused infinite loop.
Thu Nov 9 14:22:13 2000 Yukihiro Matsumoto <matz@ruby-lang.org>
* io.c (rb_io_taint_check): should check IO taintness; no
operation for untainted IO should be allowed in the sandbox.
* rubyio.h (GetOpenFile): check IO taintness inside using
rb_io_taint_check().
Wed Nov 8 03:08:53 2000 Yukihiro Matsumoto <matz@ruby-lang.org>
* io.c (io_fflush): ensure fflush(3) would not block by calling

9
io.c

@ -143,6 +143,15 @@ rb_eof_error()
rb_raise(rb_eEOFError, "End of file reached");
}
VALUE
rb_io_taint_check(io)
VALUE io;
{
if (!OBJ_TAINTED(io) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: operation on untainted IO");
return io;
}
void
rb_io_check_closed(fptr)
OpenFile *fptr;
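Review bot: rb_io_taint_check has no comment stating its contract, which matters because it is a security gate. At safe level 4 or above it raises SecurityError for any IO object that is not tainted, and it returns its argument so the call can be nested inside an expression. I would add above the definition `/* Sandbox gate: at safe level >= 4 only tainted IO may be operated on; returns io for inline use. */`. The commit also shows no test; a case that runs an IO operation on an untainted IO at safe level 4 and expects SecurityError would pin the behaviour. The rb_io_check_closed definition at the end of the hunk continues outside it.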


@ -3280,12 +3280,12 @@ yylex()
case '^':
lex_state = EXPR_BEG;
if (nextc() == '=') {
if ((c = nextc()) == '=') {
yylval.id = '^';
return tOP_ASGN;
}
pushback(c);
return c;
return '^';
case ',':
case ';':
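Review bot: The fix in the `'^'` case comes without a regression test, and the ChangeLog entry says the old code looped forever on `eval("^")`, a hang reachable from any string handed to eval. The old line appears to have discarded the result of `nextc()`, so `pushback(c)` ran with a stale `c`; this is inferred from the two printed versions of the line, since their +/- markers are lost on this page. Other operator cases in yylex lie outside this hunk and are worth checking for the same pattern of calling `nextc()` without assigning to `c` before `pushback(c)`. A test that parses a lone `^` and expects the parser to return rather than spin would cover this case.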


@ -3766,6 +3766,7 @@ re_match(bufp, string_arg, size, pos, regs)
case start_nowidth:
PUSH_FAILURE_POINT(0, d);
printf("%d > %d\n", stackp - stackb, RE_DUP_MAX);
if (stackp - stackb > RE_DUP_MAX) {
FREE_AND_RETURN(stackb,(-2));
}
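Review bot: The `printf("%d > %d\n", stackp - stackb, RE_DUP_MAX);` line in the `start_nowidth` case looks like leftover debugging and should be removed. It writes to the process's stdout on every pass through this case in re_match, so any program matching such a pattern gets stray lines mixed into its output. `stackp - stackb` is a pointer difference, so passing it to `%d` is also a type mismatch on platforms where ptrdiff_t is wider than int. The ChangeLog entries shown on this page do not mention regex.c, which supports reading the line as unintended. re_match's body extends beyond the hunk.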


@ -32,7 +32,7 @@ typedef struct OpenFile {
#define FMODE_BINMODE 4
#define FMODE_SYNC 8
#define GetOpenFile(obj,fp) rb_io_check_closed((fp) = RFILE(obj)->fptr)
#define GetOpenFile(obj,fp) rb_io_check_closed((fp) = RFILE(rb_io_taint_check(obj))->fptr)
#define MakeOpenFile(obj, fp) do {\
fp = 0;\
@ -57,6 +57,8 @@ void rb_io_check_readable _((OpenFile*));
void rb_io_fptr_finalize _((OpenFile*));
void rb_io_synchronized _((OpenFile*));
void rb_io_check_closed _((OpenFile*));
VALUE rb_io_taint_check _((VALUE));
void rb_eof_error _((void));
void rb_read_check _((FILE*));
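Review bot: GetOpenFile can now raise SecurityError through rb_io_taint_check() before rb_io_check_closed() runs, but the macro carries no comment saying so, and the check only protects code that goes through the macro. Any site that reads `RFILE(obj)->fptr` directly would skip the taint test; none is visible in this section, so confirming that needs a search of the tree rather than this hunk. I would add above the define `/* Raises SecurityError at safe level >= 4 for untainted IO, then calls rb_io_check_closed(). */`. Nesting the call inside RFILE() keeps `obj` evaluated once, which preserves the macro's existing behaviour for arguments with side effects.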


@ -1,4 +1,4 @@
#define RUBY_VERSION "1.6.2"
#define RUBY_RELEASE_DATE "2000-11-08"
#define RUBY_RELEASE_DATE "2000-11-10"
#define RUBY_VERSION_CODE 162
#define RUBY_RELEASE_CODE 20001108
#define RUBY_RELEASE_CODE 20001110