* lib/net/smtp.rb (Net::SMTP::send0): add taint check.

* ruby.h (LLONG_MIN): wrong value. * io.c (rb_f_getc): $stdin may not be IO. [ruby-dev:20973] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4206 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2003-07-29 07:52:55 +00:00 · 2003-07-29 07:52:55 +00:00 · 37b2487c70
commit 37b2487c70
parent 847bac1daf
7 changed files with 30 additions and 10 deletions
--- a/13
+++ b/13
@ -1,8 +1,20 @@
+Tue Jul 29 16:38:44 2003  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* lib/net/smtp.rb (Net::SMTP::send0): add taint check.
+
 Tue Jul 29 15:41:02 2003  WATANABE Hirofumi  <eban@ruby-lang.org>

 	* instruby.rb (install): preserve the timestamp for Mac OS X ranlib
 	  problem.

+Tue Jul 29 01:14:51 2003  Rick Ohnemus  <rick_ohnemus@acm.org>
+
+	* ruby.h (LLONG_MIN): wrong value.
+
+Mon Jul 28 22:57:52 2003  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* io.c (rb_f_getc): $stdin may not be IO. [ruby-dev:20973]
+
 Tue Jul 29 12:22:28 2003  why the lucky stiff  <ruby-cvs@whytheluckystiff.net>

 	* ext/syck/token.c: prefixed many constants and definitions
@ -43,6 +55,7 @@ Mon Jul 28 18:53:03 2003  WATANABE Hirofumi  <eban@ruby-lang.org>
 	* ext/openssl/extconf.rb: check again after pkg-config for MinGW on
 	  Cygwin.

+>>>>>>> 1.1963
 Mon Jul 28 15:32:04 2003  Yukihiro Matsumoto  <matz@ruby-lang.org>

 	* ext/stringio/stringio.c (strio_gets): only "gets" should set $_.
--- a/ext/bigdecimal/bigdecimal.c
+++ b/ext/bigdecimal/bigdecimal.c
@ -31,6 +31,7 @@
 *
 */

+#include "ruby.h"
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -38,8 +39,6 @@
 #include <errno.h>
 #include <float.h>
 #include <math.h>
-#include "ruby.h"
-#include "math.h"
 #include "version.h"
 
 /* #define ENABLE_NUMERIC_STRING */
--- a/intern.h
+++ b/intern.h
@ -249,6 +249,7 @@ VALUE rb_hash_delete _((VALUE,VALUE));
 int rb_path_check _((char*));
 int rb_env_path_tainted _((void));
 /* io.c */
+#define rb_defout rb_stdout
 RUBY_EXTERN VALUE rb_fs;
 RUBY_EXTERN VALUE rb_output_fs;
 RUBY_EXTERN VALUE rb_rs;
--- a/io.c
+++ b/io.c
@ -94,7 +94,7 @@ VALUE rb_cIO;
 VALUE rb_eEOFError;
 VALUE rb_eIOError;

-VALUE rb_stdin, rb_stdout, rb_stderr;
+VALUE rb_stdin, rb_stdout, rb_stderr, rb_defout;
 static VALUE orig_stdout, orig_stderr;

 VALUE rb_output_fs;
@ -3180,6 +3180,9 @@ static VALUE
 rb_f_getc()
 {
    rb_warn("getc is obsolete; use STDIN.getc instead");
+    if (TYPE(rb_stdin) != T_FILE) {
+	return rb_funcall3(rb_stdin, rb_intern("getc"), 0, 0);
+    }
    return rb_io_getc(rb_stdin);
 }

@ -4134,7 +4137,7 @@ Init_IO()
    rb_stderr = prep_stdio(stderr, FMODE_WRITABLE, rb_cIO);
    rb_define_hooked_variable("$stderr", &rb_stderr, 0, set_output_var);
    rb_define_hooked_variable("$>", &rb_stdout, 0, set_output_var);
-    orig_stdout = rb_stdout;
+    rb_defout = orig_stdout = rb_stdout;
    orig_stderr = rb_stderr;

    /* variables to be removed in 1.8.1 */
--- a/lib/complex.rb
+++ b/lib/complex.rb
@ -75,14 +75,14 @@ class Complex < Numeric
  end

  def initialize(a, b)
-    raise "non numeric 1st arg `#{a.inspect}'" if !a.kind_of? Numeric
-    raise "`#{a.inspect}' for 1st arg" if a.kind_of? Complex
-    raise "non numeric 2nd arg `#{b.inspect}'" if !b.kind_of? Numeric
-    raise "`#{b.inspect}' for 2nd arg" if b.kind_of? Complex
+    raise TypeError, "non numeric 1st arg `#{a.inspect}'" if !a.kind_of? Numeric
+    raise TypeError, "`#{a.inspect}' for 1st arg" if a.kind_of? Complex
+    raise TypeError, "non numeric 2nd arg `#{b.inspect}'" if !b.kind_of? Numeric
+    raise TypeError, "`#{b.inspect}' for 2nd arg" if b.kind_of? Complex
    @real = a
    @image = b
  end
-  
+
  #
  # Addition with real or complex number.
  #
--- a/lib/net/smtp.rb
+++ b/lib/net/smtp.rb
@ -490,6 +490,10 @@ module Net
    def send0( from_addr, to_addrs )
      raise IOError, "closed session" unless @socket
      raise ArgumentError, 'mail destination does not given' if to_addrs.empty?
+      raise SecurityError, 'tainted from_addr' if from_addr.tainted?
+      to_addrs.each{|to| 
+        raise SecurityError, 'tainted to_addr' if to.tainted?
+      }

      mailfrom from_addr
      to_addrs.each do |to|
--- a/ruby.h
+++ b/ruby.h
@ -109,7 +109,7 @@ typedef unsigned long ID;
 #   define LLONG_MIN  LONG_LONG_MIN
 #  else
 #   ifdef _I64_MIN
-#    define LLONG_MIN _I64_MAX
+#    define LLONG_MIN _I64_MIX
 #   else
 #    define LLONG_MIN (-LLONG_MAX-1)
 #   endif