random.c: check initialize and load
* random.c (random_init, random_load): cannot initialize frozen object again, nor with tainted/untrusted object. [Bug #6540] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
77898c33e3
commit
0b0dea752c
3 changed files with 29 additions and 0 deletions
|
@ -1,3 +1,8 @@
|
|||
Fri Jun 22 13:36:50 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||
|
||||
* random.c (random_init, random_load): cannot initialize frozen object
|
||||
again, nor with tainted/untrusted object. [Bug #6540]
|
||||
|
||||
Fri Jun 22 13:32:33 2012 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||
|
||||
* error.c (rb_check_copyable): new function, to ensure the target is
|
||||
|
|
3
random.c
3
random.c
|
@ -462,10 +462,12 @@ random_init(int argc, VALUE *argv, VALUE obj)
|
|||
rb_random_t *rnd = get_rnd(obj);
|
||||
|
||||
if (argc == 0) {
|
||||
rb_check_frozen(obj);
|
||||
vseed = random_seed();
|
||||
}
|
||||
else {
|
||||
rb_scan_args(argc, argv, "01", &vseed);
|
||||
rb_check_copyable(obj, vseed);
|
||||
}
|
||||
rnd->seed = rand_init(&rnd->mt, vseed);
|
||||
return obj;
|
||||
|
@ -686,6 +688,7 @@ random_load(VALUE obj, VALUE dump)
|
|||
VALUE *ary;
|
||||
unsigned long x;
|
||||
|
||||
rb_check_copyable(obj, dump);
|
||||
Check_Type(dump, T_ARRAY);
|
||||
ary = RARRAY_PTR(dump);
|
||||
switch (RARRAY_LEN(dump)) {
|
||||
|
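Review bot: The receiver of random_init is validated differently depending on the argument count: the no-argument branch calls only rb_check_frozen(obj), while the seeded branch calls rb_check_copyable(obj, vseed). If rb_check_copyable also rejects mutation of a trusted receiver from untrusted code (the marshal_load test in this commit expects a SecurityError for that function), re-seeding with no arguments would skip that check; hoisting `rb_check_frozen(obj);` above the `if` and keeping `rb_check_copyable(obj, vseed);` in the `else` would at least make the frozen check visibly unconditional, and a comment such as `/* receiver must be mutable; a supplied seed must be trusted [Bug #6540] */` would record the intent. In the random_load hunk the new rb_check_copyable(obj, dump) is placed before Check_Type, which is the right order, but it deserves the same comment. Both functions continue outside their hunks.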
|
|
@ -484,4 +484,25 @@ END
|
|||
Random.new.marshal_load(0)
|
||||
}
|
||||
end
|
||||
|
||||
def test_marshal_load_frozen
|
||||
r = Random.new(0)
|
||||
d = r.marshal_dump
|
||||
r.freeze
|
||||
assert_raise(RuntimeError, '[Bug #6540]') do
|
||||
r.marshal_load(d)
|
||||
end
|
||||
end
|
||||
|
||||
def test_marshal_load_insecure
|
||||
r = Random.new(0)
|
||||
d = r.marshal_dump
|
||||
l = proc do
|
||||
$SAFE = 4
|
||||
r.marshal_load(d)
|
||||
end
|
||||
assert_raise(SecurityError, '[Bug #6540]') do
|
||||
l.call
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
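Review bot: The new tests exercise only marshal_load, so the random_init change in the same commit (frozen receiver, tainted/untrusted seed) has no coverage; something like `r = Random.new(0).freeze` followed by `assert_raise(RuntimeError, '[Bug #6540]') { r.send(:initialize, 1) }` would pin it, and the tainted-seed case named in the ChangeLog is not exercised for either function. test_marshal_load_insecure relies on `$SAFE = 4` being confined to the proc invocation; a one-line comment such as `# $SAFE raised inside the proc does not leak past l.call` would make that assumption explicit. The enclosing test class starts before the hunk.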