mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* eval.c (secure_visibility): visibility check for untainted modules.

* signal.c (sigpipe): sighandler which does nothing.

* signal.c (trap): set sigpipe function for SIGPIPE.

* signal.c (Init_signal): default SIGPIPE handler should be
  sigpipe function.

* array.c (rb_ary_subseq): wrong boundary check.

* parse.y (cond0): integer literal in condition should not be
  compared to lineno ($.).


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matz 2001-02-19 07:03:06 +00:00
parent d63d8012f4
commit 3ae4fd7258
8 changed files with 90 additions and 16 deletions


@ -1,3 +1,16 @@
Mon Feb 19 01:55:43 2001 Yukihiro Matsumoto <matz@ruby-lang.org>
* eval.c (secure_visibility): visibility check for untainted modules.
Mon Feb 19 00:29:29 2001 Nobuyoshi Nakada <nobu.nakada@nifty.ne.jp>
* signal.c (sigpipe): sighandler which does nothing.
* signal.c (trap): set sigpipe function for SIGPIPE.
* signal.c (Init_signal): default SIGPIPE handler should be
sigpipe function.
Sun Feb 18 15:42:38 2001 WATANABE Hirofumi <eban@ruby-lang.org> Sun Feb 18 15:42:38 2001 WATANABE Hirofumi <eban@ruby-lang.org>
* ext/curses/extconf.rb: add dir_config. * ext/curses/extconf.rb: add dir_config.
@ -8,6 +21,10 @@ Sun Feb 18 05:46:03 2001 Minero Aoki <aamine@dp.u-netsurf.ne.jp>
* lib/net/http.rb: Response#range_length was not debugged. * lib/net/http.rb: Response#range_length was not debugged.
Sun Feb 18 04:02:03 2001 Yasushi Shoji <yashi@yashi.com>
* array.c (rb_ary_subseq): wrong boundary check.
Sun Feb 18 00:09:50 2001 Nobuyoshi Nakada <nobu.nakada@nifty.ne.jp> Sun Feb 18 00:09:50 2001 Nobuyoshi Nakada <nobu.nakada@nifty.ne.jp>
* win32/win32.c: fasten file I/O on mswin32/mingw32. * win32/win32.c: fasten file I/O on mswin32/mingw32.
@ -16,6 +33,11 @@ Sun Feb 18 00:09:50 2001 Nobuyoshi Nakada <nobu.nakada@nifty.ne.jp>
* rubysig.h: ditto. * rubysig.h: ditto.
Sat Feb 17 23:32:45 2001 Yukihiro Matsumoto <matz@ruby-lang.org>
* parse.y (cond0): integer literal in condition should not be
compared to lineno ($.).
Fri Feb 16 01:44:56 2001 Yukihiro Matsumoto <matz@ruby-lang.org> Fri Feb 16 01:44:56 2001 Yukihiro Matsumoto <matz@ruby-lang.org>
* io.c (set_outfile): f should be the FILE* from the assigning value. * io.c (set_outfile): f should be the FILE* from the assigning value.

1
ToDo

@ -74,6 +74,7 @@ Standard Libraries
* or raise ForkException to every thread but fork caller. * or raise ForkException to every thread but fork caller.
* Hash::new{default} or recommend Hash#fetch? * Hash::new{default} or recommend Hash#fetch?
* new user-defined marshal scheme. _dump(dumper), _load(restorer) * new user-defined marshal scheme. _dump(dumper), _load(restorer)
* warn, warning for Ruby level
Extension Libraries Extension Libraries


@ -400,7 +400,7 @@ rb_ary_subseq(ary, beg, len)
{ {
VALUE ary2; VALUE ary2;
if (beg > RARRAY(ary)->len) return Qnil; if (beg >= RARRAY(ary)->len) return Qnil;
if (beg < 0 || len < 0) return Qnil; if (beg < 0 || len < 0) return Qnil;
if (beg + len > RARRAY(ary)->len) { if (beg + len > RARRAY(ary)->len) {
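Review bot: The length check on the last visible line, `if (beg + len > RARRAY(ary)->len)`, adds two caller-supplied values before comparing, so a very large `len` can overflow the sum and slip past the clamp (assuming `beg` and `len` are signed integers; their declarations are outside the hunk). After the two earlier checks `beg` is known to lie between 0 and the array length, so the subtraction form cannot overflow: `if (len > RARRAY(ary)->len - beg) {`. Separately, `beg >= RARRAY(ary)->len` now makes a start index equal to the array length return nil instead of reaching the clamp, and a one-line comment should state that this is intended. The body of rb_ary_subseq continues outside the hunk.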


@ -412,6 +412,13 @@ exc_set_backtrace(exc, bt)
return rb_iv_set(exc, "bt", check_backtrace(bt)); return rb_iv_set(exc, "bt", check_backtrace(bt));
} }
static VALUE
exit_status(exc)
VALUE exc;
{
return rb_iv_get(exc, "status");
}
#ifdef __BEOS__ #ifdef __BEOS__
typedef struct { typedef struct {
VALUE *list; VALUE *list;
@ -554,6 +561,8 @@ Init_Exception()
rb_define_method(rb_eException, "set_backtrace", exc_set_backtrace, 1); rb_define_method(rb_eException, "set_backtrace", exc_set_backtrace, 1);
rb_eSystemExit = rb_define_class("SystemExit", rb_eException); rb_eSystemExit = rb_define_class("SystemExit", rb_eException);
rb_define_method(rb_eSystemExit, "status", exit_status, 0);
rb_eFatal = rb_define_class("fatal", rb_eException); rb_eFatal = rb_define_class("fatal", rb_eException);
rb_eSignal = rb_define_class("SignalException", rb_eException); rb_eSignal = rb_define_class("SignalException", rb_eException);
rb_eInterrupt = rb_define_class("Interrupt", rb_eSignal); rb_eInterrupt = rb_define_class("Interrupt", rb_eSignal);
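Review bot: `exit_status` reads the instance variable `status`, but no hunk on this page assigns it, so from the visible lines `SystemExit#status` returns whatever rb_iv_get yields for an unset variable. If the assignment lives in code this commit does not touch, the function should carry a comment naming where it happens, along the lines of `/* returns the exit code stored in the "status" ivar; set by <exit path, to be named> */`. If no assignment exists yet, the method needs a defined fallback value. The new function currently has no comment at all describing what it returns.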

14
eval.c

@ -5426,6 +5426,15 @@ rb_require(fname)
return rb_f_require(Qnil, rb_str_new2(fname)); return rb_f_require(Qnil, rb_str_new2(fname));
} }
static void
secure_visibility(self)
VALUE self;
{
if (rb_safe_level() >= 4 && !OBJ_TAINTED(self)) {
rb_raise(rb_eSecurityError, "Insecure: can't change method visibility");
}
}
static void static void
set_method_visibility(self, argc, argv, ex) set_method_visibility(self, argc, argv, ex)
VALUE self; VALUE self;
@ -5435,6 +5444,7 @@ set_method_visibility(self, argc, argv, ex)
{ {
int i; int i;
secure_visibility(self);
for (i=0; i<argc; i++) { for (i=0; i<argc; i++) {
rb_export_method(self, rb_to_id(argv[i]), ex); rb_export_method(self, rb_to_id(argv[i]), ex);
} }
@ -5446,6 +5456,7 @@ rb_mod_public(argc, argv, module)
VALUE *argv; VALUE *argv;
VALUE module; VALUE module;
{ {
secure_visibility(module);
if (argc == 0) { if (argc == 0) {
SCOPE_SET(SCOPE_PUBLIC); SCOPE_SET(SCOPE_PUBLIC);
} }
@ -5461,6 +5472,7 @@ rb_mod_protected(argc, argv, module)
VALUE *argv; VALUE *argv;
VALUE module; VALUE module;
{ {
secure_visibility(module);
if (argc == 0) { if (argc == 0) {
SCOPE_SET(SCOPE_PROTECTED); SCOPE_SET(SCOPE_PROTECTED);
} }
@ -5476,6 +5488,7 @@ rb_mod_private(argc, argv, module)
VALUE *argv; VALUE *argv;
VALUE module; VALUE module;
{ {
secure_visibility(module);
if (argc == 0) { if (argc == 0) {
SCOPE_SET(SCOPE_PRIVATE); SCOPE_SET(SCOPE_PRIVATE);
} }
@ -5535,6 +5548,7 @@ rb_mod_modfunc(argc, argv, module)
rb_raise(rb_eTypeError, "module_function must be called for modules"); rb_raise(rb_eTypeError, "module_function must be called for modules");
} }
secure_visibility(module);
if (argc == 0) { if (argc == 0) {
SCOPE_SET(SCOPE_MODFUNC); SCOPE_SET(SCOPE_MODFUNC);
return module; return module;
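Review bot: `secure_visibility` has no comment stating the rule it enforces, and the condition is easy to misread: it raises SecurityError only when the safe level is 4 or higher and the receiver is not tainted. A header comment such as `/* at safe level 4 and above, method visibility may be changed only on tainted modules */` would make the policy explicit for whoever adds the next visibility-changing entry point. The guard is called in rb_mod_public, rb_mod_protected, rb_mod_private and rb_mod_modfunc (whose `argc == 0` path only calls SCOPE_SET) and again in set_method_visibility. Any caller of rb_export_method outside these hunks would bypass it, which is worth confirming. The bodies of these functions continue outside the hunks.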

36
parse.y

@ -4469,6 +4469,28 @@ warning_unless_e_option(str)
if (e_option_supplied()) rb_warning(str); if (e_option_supplied()) rb_warning(str);
} }
static NODE *cond0();
static NODE*
cond2(node, logop)
NODE *node;
int logop;
{
enum node_type type;
if (logop) return node;
if (!e_option_supplied()) return node;
warn_unless_e_option("integer literal in condition");
node = cond0(node);
type = nd_type(node);
if (type == NODE_NEWLINE) node = node->nd_next;
if (type == NODE_LIT && FIXNUM_P(node->nd_lit)) {
return call_op(node,tEQ,1,NEW_GVAR(rb_intern("$.")));
}
return node;
}
static NODE* static NODE*
cond0(node, logop) cond0(node, logop)
NODE *node; NODE *node;
@ -4494,8 +4516,8 @@ cond0(node, logop)
case NODE_DOT2: case NODE_DOT2:
case NODE_DOT3: case NODE_DOT3:
node->nd_beg = cond0(node->nd_beg, logop); node->nd_beg = cond2(node->nd_beg, logop);
node->nd_end = cond0(node->nd_end, logop); node->nd_end = cond2(node->nd_end, logop);
if (type == NODE_DOT2) nd_set_type(node,NODE_FLIP2); if (type == NODE_DOT2) nd_set_type(node,NODE_FLIP2);
else if (type == NODE_DOT3) nd_set_type(node, NODE_FLIP3); else if (type == NODE_DOT3) nd_set_type(node, NODE_FLIP3);
node->nd_cnt = local_append(0); node->nd_cnt = local_append(0);
@ -4509,20 +4531,12 @@ cond0(node, logop)
goto regexp; goto regexp;
case NODE_LIT: case NODE_LIT:
switch (TYPE(node->nd_lit)) { if (TYPE(node->nd_lit) == T_REGEXP) {
case T_REGEXP:
warning_unless_e_option("regex literal in condition"); warning_unless_e_option("regex literal in condition");
regexp: regexp:
nd_set_type(node, NODE_MATCH); nd_set_type(node, NODE_MATCH);
local_cnt('_'); local_cnt('_');
local_cnt('~'); local_cnt('~');
break;
case T_FIXNUM:
if (logop) break;
if (!e_option_supplied()) break;
warn_unless_e_option("integer literal in condition");
return call_op(node,tEQ,1,NEW_GVAR(rb_intern("$.")));
} }
} }
return node; return node;
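Review bot: In the new `cond2`, `node = cond0(node);` passes one argument to a function whose definition just below takes `(node, logop)`, and the unprototyped forward declaration `static NODE *cond0();` stops the compiler from catching it, so `logop` is indeterminate inside cond0. The call should be `node = cond0(node, logop);`. The following lines also test a stale `type`: after `if (type == NODE_NEWLINE) node = node->nd_next;` the variable still holds NODE_NEWLINE, so a fixnum literal wrapped in a newline node never reaches the `$.` comparison and the wrapper is dropped from the returned tree. Re-reading it with `type = nd_type(node);` after the unwrap fixes the missed comparison. cond0's body ends outside the last hunk.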


@ -299,12 +299,12 @@ struct waitall_data {
int pid; int pid;
int status; int status;
VALUE ary; VALUE ary;
} };
static int static int
waitall_each(key, value, data) waitall_each(key, value, data)
int key, value; int key, value;
struct wait_data *data; struct waitall_data *data;
{ {
VALUE pid_status_member; VALUE pid_status_member;
@ -563,6 +563,10 @@ rb_proc_exec(str)
char **argv, **a; char **argv, **a;
security(str); security(str);
while (*str && ISSPACE(*str))
str++;
for (s=str; *s; s++) { for (s=str; *s; s++) {
if (*s != ' ' && !ISALPHA(*s) && strchr("*?{}[]<>()~&|\\$;'`\"\n",*s)) { if (*s != ' ' && !ISALPHA(*s) && strchr("*?{}[]<>()~&|\\$;'`\"\n",*s)) {
#if defined(MSDOS) #if defined(MSDOS)
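Review bot: The added loop `while (*str && ISSPACE(*str)) str++;` leaves `str` pointing at the terminating NUL when the command is all whitespace, and what the rest of rb_proc_exec does with an empty command is outside the hunk. Confirm that this path fails cleanly rather than going on to build an empty argument vector. A short comment would record why the skip is there, e.g. `/* skip leading blanks so the scan below starts at the command name */`. The `*str &&` test is redundant if ISSPACE is false for NUL, as the standard isspace is.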


@ -386,6 +386,16 @@ sigsegv(sig)
} }
#endif #endif
#ifdef SIGPIPE
static RETSIGTYPE sigsegv _((int));
static RETSIGTYPE
sigpipe(sig)
int sig;
{
/* do nothing */
}
#endif
void void
rb_trap_exit() rb_trap_exit()
{ {
@ -546,7 +556,7 @@ trap(arg)
#endif #endif
#ifdef SIGPIPE #ifdef SIGPIPE
case SIGPIPE: case SIGPIPE:
func = SIG_IGN; func = sigpipe;
break; break;
#endif #endif
} }
@ -659,7 +669,7 @@ Init_signal()
ruby_signal(SIGSEGV, sigsegv); ruby_signal(SIGSEGV, sigsegv);
#endif #endif
#ifdef SIGPIPE #ifdef SIGPIPE
ruby_signal(SIGPIPE, SIG_IGN); ruby_signal(SIGPIPE, sigpipe);
#endif #endif
#endif /* MACOS_UNUSE_SIGNAL */ #endif /* MACOS_UNUSE_SIGNAL */
} }
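Review bot: The forward declaration added under `#ifdef SIGPIPE` names the wrong function: `static RETSIGTYPE sigsegv _((int));` should be `static RETSIGTYPE sigpipe _((int));`, otherwise sigpipe has no prototype before its definition and sigsegv is redeclared in a block unrelated to it. The body comment `/* do nothing */` also does not say why an empty handler replaces SIG_IGN in trap() and Init_signal(). Presumably the relevant difference is that an ignored disposition is inherited across exec while a caught one is reset to the default; if so, the comment should say that. trap() and Init_signal() start outside their hunks.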