mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
[ruby/net-protocol] Get rid of __send__
Mitigate the security risk:
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
a9970437e8
This commit is contained in:
Nobuyoshi Nakada
parent
f4640f64a4
commit
2b17d2f297
1 changed files with 5 additions and 6 deletions
|
|
@ -383,7 +383,7 @@ module Net # :nodoc:
|
||||||
len = writing {
|
len = writing {
|
||||||
using_each_crlf_line {
|
using_each_crlf_line {
|
||||||
begin
|
begin
|
||||||
block.call(WriteAdapter.new(self, :write_message_0))
|
block.call(WriteAdapter.new(self.method(:write_message_0)))
|
||||||
rescue LocalJumpError
|
rescue LocalJumpError
|
||||||
# allow `break' from writer block
|
# allow `break' from writer block
|
||||||
end
|
end
|
||||||
|
|
@ -447,17 +447,16 @@ module Net # :nodoc:
|
||||||
# The writer adapter class
|
# The writer adapter class
|
||||||
#
|
#
|
||||||
class WriteAdapter
|
class WriteAdapter
|
||||||
def initialize(socket, method)
|
def initialize(writer)
|
||||||
@socket = socket
|
@writer = writer
|
||||||
@method_id = method
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def inspect
|
def inspect
|
||||||
"#<#{self.class} socket=#{@socket.inspect}>"
|
"#<#{self.class} writer=#{@writer.inspect}>"
|
||||||
end
|
end
|
||||||
|
|
||||||
def write(str)
|
def write(str)
|
||||||
@socket.__send__(@method_id, str)
|
@writer.call(str)
|
||||||
end
|
end
|
||||||
|
|
||||||
alias print write
|
alias print write
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue