1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

random.c: check initialize and load

* random.c (random_init, random_load): cannot initialize frozen object
  again, nor with tainted/untrusted object.  [Bug #6540]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2012-06-22 04:36:54 +00:00
parent 77898c33e3
commit 0b0dea752c
3 changed files with 29 additions and 0 deletions

View file

@ -1,3 +1,8 @@
Fri Jun 22 13:36:50 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* random.c (random_init, random_load): cannot initialize frozen object
again, nor with tainted/untrusted object. [Bug #6540]
Fri Jun 22 13:32:33 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
* error.c (rb_check_copyable): new function, to ensure the target is

View file

@ -462,10 +462,12 @@ random_init(int argc, VALUE *argv, VALUE obj)
rb_random_t *rnd = get_rnd(obj);
if (argc == 0) {
rb_check_frozen(obj);
vseed = random_seed();
}
else {
rb_scan_args(argc, argv, "01", &vseed);
rb_check_copyable(obj, vseed);
}
rnd->seed = rand_init(&rnd->mt, vseed);
return obj;
@ -686,6 +688,7 @@ random_load(VALUE obj, VALUE dump)
VALUE *ary;
unsigned long x;
rb_check_copyable(obj, dump);
Check_Type(dump, T_ARRAY);
ary = RARRAY_PTR(dump);
switch (RARRAY_LEN(dump)) {

View file

@ -484,4 +484,25 @@ END
Random.new.marshal_load(0)
}
end
def test_marshal_load_frozen
r = Random.new(0)
d = r.marshal_dump
r.freeze
assert_raise(RuntimeError, '[Bug #6540]') do
r.marshal_load(d)
end
end
def test_marshal_load_insecure
r = Random.new(0)
d = r.marshal_dump
l = proc do
$SAFE = 4
r.marshal_load(d)
end
assert_raise(SecurityError, '[Bug #6540]') do
l.call
end
end
end