	* ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a
security error with the tainted string object. * ext/win32ole/win32ole_event.c(ev_advise): ditto. * test/win32ole/test_win32ole.rb(test_s_new_exc_svr_tainted, test_s_new_exc_host_tainted): ditto. * test/win32ole/test_win32ole_event.rb(test_s_new_exc_tainted): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
		
							parent
							
								
									682f3a7881
								
							
						
					
					
						commit
						108c4e4495
					
				
					 5 changed files with 73 additions and 12 deletions
				
			
		| 
						 | 
				
			
			@ -1,3 +1,12 @@
 | 
			
		|||
Mon Aug 25 20:15:50 2014  Masaki Suketa <masaki.suketa@nifty.ne.jp>
 | 
			
		||||
 | 
			
		||||
	* ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a
 | 
			
		||||
	  security error with the tainted string object.
 | 
			
		||||
	* ext/win32ole/win32ole_event.c(ev_advise): ditto.
 | 
			
		||||
	* test/win32ole/test_win32ole.rb(test_s_new_exc_svr_tainted,
 | 
			
		||||
	  test_s_new_exc_host_tainted): ditto.
 | 
			
		||||
	* test/win32ole/test_win32ole_event.rb(test_s_new_exc_tainted): ditto.
 | 
			
		||||
 | 
			
		||||
Mon Aug 25 12:56:54 2014  Ivan Korunkov  <ivankorunkov@ya.ru>
 | 
			
		||||
 | 
			
		||||
	* lib/logger.rb (format_datetime): use "%6N" to show microsecond.
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -26,7 +26,7 @@
 | 
			
		|||
const IID IID_IMultiLanguage2 = {0xDCCFC164, 0x2B38, 0x11d2, {0xB7, 0xEC, 0x00, 0xC0, 0x4F, 0x8F, 0x5D, 0x9A}};
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
#define WIN32OLE_VERSION "1.7.7"
 | 
			
		||||
#define WIN32OLE_VERSION "1.7.8"
 | 
			
		||||
 | 
			
		||||
typedef HRESULT (STDAPICALLTYPE FNCOCREATEINSTANCEEX)
 | 
			
		||||
    (REFCLSID, IUnknown*, DWORD, COSERVERINFO*, DWORD, MULTI_QI*);
 | 
			
		||||
| 
						 | 
				
			
			@ -1907,10 +1907,10 @@ fole_s_connect(int argc, VALUE *argv, VALUE self)
 | 
			
		|||
    ole_initialize();
 | 
			
		||||
 | 
			
		||||
    rb_scan_args(argc, argv, "1*", &svr_name, &others);
 | 
			
		||||
    SafeStringValue(svr_name);
 | 
			
		||||
    StringValue(svr_name);
 | 
			
		||||
    if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
 | 
			
		||||
        rb_raise(rb_eSecurityError, "Insecure Object Connection - %s",
 | 
			
		||||
		 StringValuePtr(svr_name));
 | 
			
		||||
        rb_raise(rb_eSecurityError, "insecure connection - `%s'",
 | 
			
		||||
		StringValuePtr(svr_name));
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    /* get CLSID from OLE server name */
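Review bot: The new check — `StringValue(x); if (rb_safe_level() > 0 && OBJ_TAINTED(x)) rb_raise(rb_eSecurityError, "... - `%s'", StringValuePtr(x));` — is now spelled out four times with only the message differing (here, twice in the fole_initialize hunk for svr_name and host, and once in ev_advise in win32ole_event.c); a small static helper would keep the three messages but give the taint rule one place to live, which matters because this replaces what SafeStringValue() used to enforce centrally. The helper has to take the VALUE after the caller's StringValue(), since StringValue() may write a to_str result back into the caller's variable; whether win32ole_event.c can share it through the extension's header or needs its own copy is not visible here. Separately, the rb_raise continuation line in this hunk is tab-indented while the same line in fole_initialize uses spaces; use spaces to match. fole_s_connect begins and ends outside the hunk.
```c
/* Raise SecurityError when a tainted string reaches a COM entry point
 * under $SAFE >= 1 (rb_safe_level() > 0). `str` must already have gone
 * through StringValue() in the caller: it is taken by value here, so a
 * to_str conversion result could not be written back. */
static void
ole_check_tainted(VALUE str, const char *what)
{
    if (rb_safe_level() > 0 && OBJ_TAINTED(str)) {
        rb_raise(rb_eSecurityError, "%s - `%s'", what, StringValuePtr(str));
    }
}

/* … in fole_s_connect, unchanged: ole_initialize(), rb_scan_args() … */
    StringValue(svr_name);
    ole_check_tainted(svr_name, "insecure connection");
```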
 | 
			
		||||
| 
						 | 
				
			
			@ -2390,16 +2390,16 @@ fole_initialize(int argc, VALUE *argv, VALUE self)
 | 
			
		|||
    rb_call_super(0, 0);
 | 
			
		||||
    rb_scan_args(argc, argv, "11*", &svr_name, &host, &others);
 | 
			
		||||
 | 
			
		||||
    SafeStringValue(svr_name);
 | 
			
		||||
    StringValue(svr_name);
 | 
			
		||||
    if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
 | 
			
		||||
        rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
 | 
			
		||||
        rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
 | 
			
		||||
                 StringValuePtr(svr_name));
 | 
			
		||||
    }
 | 
			
		||||
    if (!NIL_P(host)) {
 | 
			
		||||
	SafeStringValue(host);
 | 
			
		||||
        StringValue(host);
 | 
			
		||||
        if (rb_safe_level() > 0 && OBJ_TAINTED(host)) {
 | 
			
		||||
            rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
 | 
			
		||||
                     StringValuePtr(svr_name));
 | 
			
		||||
            rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
 | 
			
		||||
                     StringValuePtr(host));
 | 
			
		||||
        }
 | 
			
		||||
        return ole_create_dcom(self, svr_name, host, others);
 | 
			
		||||
    }
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -897,12 +897,11 @@ ev_advise(int argc, VALUE *argv, VALUE self)
 | 
			
		|||
    }
 | 
			
		||||
 | 
			
		||||
    if(!RB_TYPE_P(itf, T_NIL)) {
 | 
			
		||||
        pitf = StringValuePtr(itf);
 | 
			
		||||
        if (rb_safe_level() > 0 && OBJ_TAINTED(itf)) {
 | 
			
		||||
            rb_raise(rb_eSecurityError, "Insecure Event Creation - %s",
 | 
			
		||||
            rb_raise(rb_eSecurityError, "insecure event creation - `%s'",
 | 
			
		||||
                     StringValuePtr(itf));
 | 
			
		||||
        }
 | 
			
		||||
        SafeStringValue(itf);
 | 
			
		||||
        pitf = StringValuePtr(itf);
 | 
			
		||||
        hr = find_iid(ole, pitf, &iid, &pTypeInfo);
 | 
			
		||||
    }
 | 
			
		||||
    else {
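Review bot: The new rb_raise inside the taint check calls `StringValuePtr(itf)` a second time although the line just above the check already stored that pointer in `pitf`; use it directly: `rb_raise(rb_eSecurityError, "insecure event creation - `%s'", pitf);`. Moving the `pitf = StringValuePtr(itf);` assignment ahead of the check also means any to_str conversion of a tainted argument now runs before the SecurityError is raised; that looks intentional (the old SafeStringValue() call is gone), but a one-line comment stating that the conversion is deliberately done first would spare the next reader the question. ev_advise begins and ends outside the hunk.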
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -169,6 +169,33 @@ if defined?(WIN32OLE)
 | 
			
		|||
      }
 | 
			
		||||
    end
 | 
			
		||||
 | 
			
		||||
    def test_s_new_exc_svr_tainted
 | 
			
		||||
      th = Thread.start {
 | 
			
		||||
        $SAFE = 1
 | 
			
		||||
        svr = "Scripting.Dictionary"
 | 
			
		||||
        svr.taint
 | 
			
		||||
        WIN32OLE.new(svr)
 | 
			
		||||
      }
 | 
			
		||||
      exc = assert_raise(SecurityError) {
 | 
			
		||||
        th.join
 | 
			
		||||
      }
 | 
			
		||||
      assert_match(/insecure object creation - `Scripting.Dictionary'/, exc.message)
 | 
			
		||||
    end
 | 
			
		||||
 | 
			
		||||
    def test_s_new_exc_host_tainted
 | 
			
		||||
      th = Thread.start {
 | 
			
		||||
        $SAFE = 1
 | 
			
		||||
        svr = "Scripting.Dictionary"
 | 
			
		||||
        host = "localhost"
 | 
			
		||||
        host.taint
 | 
			
		||||
        WIN32OLE.new(svr, host)
 | 
			
		||||
      }
 | 
			
		||||
      exc = assert_raise(SecurityError) {
 | 
			
		||||
        th.join
 | 
			
		||||
      }
 | 
			
		||||
      assert_match(/insecure object creation - `localhost'/, exc.message)
 | 
			
		||||
    end
 | 
			
		||||
 | 
			
		||||
    def test_s_new_DCOM
 | 
			
		||||
      rshell = WIN32OLE.new("Shell.Application")
 | 
			
		||||
      assert_instance_of(WIN32OLE, rshell)
 | 
			
		||||
| 
						 | 
				
			
			@ -194,6 +221,19 @@ if defined?(WIN32OLE)
 | 
			
		|||
      }
 | 
			
		||||
    end
 | 
			
		||||
 | 
			
		||||
    def test_s_coonect_exc_tainted
 | 
			
		||||
      th = Thread.start {
 | 
			
		||||
        $SAFE = 1
 | 
			
		||||
        svr = "winmgmts:"
 | 
			
		||||
        svr.taint
 | 
			
		||||
        WIN32OLE.connect(svr)
 | 
			
		||||
      }
 | 
			
		||||
      exc = assert_raise(SecurityError) {
 | 
			
		||||
        th.join
 | 
			
		||||
      }
 | 
			
		||||
      assert_match(/insecure connection - `winmgmts:'/, exc.message)
 | 
			
		||||
    end
 | 
			
		||||
 | 
			
		||||
    def test_invoke_accept_symbol_hash_key
 | 
			
		||||
      fso = WIN32OLE.new('Scripting.FileSystemObject')
 | 
			
		||||
      afolder = fso.getFolder(".")
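Review bot: The new test is named `test_s_coonect_exc_tainted` (L511 of this view), a typo for `test_s_connect_exc_tainted`; since the method it exercises is `WIN32OLE.connect`, the misspelling will also hide the test from anyone grepping for it. The commit message and ChangeLog entry list the two `test_s_new_exc_*_tainted` tests but not this one, so the description should name it as well. The enclosing `if defined?(WIN32OLE)` / test class begins and ends outside the hunk.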
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -329,6 +329,19 @@ if defined?(WIN32OLE_EVENT)
 | 
			
		|||
        message_loop
 | 
			
		||||
        assert(h2.ev != "")
 | 
			
		||||
      end
 | 
			
		||||
 | 
			
		||||
      def test_s_new_exc_tainted
 | 
			
		||||
        th = Thread.new {
 | 
			
		||||
          $SAFE=1
 | 
			
		||||
          str = 'ConnectionEvents'
 | 
			
		||||
          str.taint
 | 
			
		||||
          ev = WIN32OLE_EVENT.new(@db, str)
 | 
			
		||||
        }
 | 
			
		||||
        exc = assert_raise(SecurityError) {
 | 
			
		||||
          th.join
 | 
			
		||||
        }
 | 
			
		||||
        assert_match(/insecure event creation - `ConnectionEvents'/, exc.message)
 | 
			
		||||
      end
 | 
			
		||||
    end
 | 
			
		||||
  end
 | 
			
		||||
end
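Review bot: In `test_s_new_exc_tainted` the local `ev` is assigned but never read — the thread body exists only to raise SecurityError — so write the call as `WIN32OLE_EVENT.new(@db, str)` to avoid an unused-variable warning under `-w`. `$SAFE=1` should also be spaced as `$SAFE = 1` and `Thread.new` could become `Thread.start` to match the sibling tests added to test_win32ole.rb in the same commit. Whether `@db` is prepared by a setup method is outside the hunk.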
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||