* lib/pp.rb (guard_inspect_key): untrust internal hash to prevent

unexpected SecurityError. * test/ruby/test_object.rb: add a test for [ruby-dev:38982]. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24396 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2009-08-04 16:44:05 +00:00 · 2009-08-04 16:44:05 +00:00 · 528574c2e2
commit 528574c2e2
parent 5ea7e7f60b
3 changed files with 46 additions and 3 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Wed Aug  5 01:38:27 2009  Yusuke Endoh  <mame@tsg.ne.jp>
+ 
+	* lib/pp.rb (guard_inspect_key): untrust internal hash to prevent
+	  unexpected SecurityError.
+
+	* test/ruby/test_object.rb: add a test for [ruby-dev:38982].
+
 Wed Aug  5 00:33:05 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* lib/rdoc/parser/c.rb: fixed a small error in the documentation.
--- a/lib/pp.rb
+++ b/lib/pp.rb
@ -107,17 +107,17 @@ class PP < PrettyPrint
  module PPMethods
    def guard_inspect_key
      if Thread.current[:__recursive_key__] == nil
-        Thread.current[:__recursive_key__] = {}
+        Thread.current[:__recursive_key__] = {}.untrust
      end

      if Thread.current[:__recursive_key__][:inspect] == nil
-        Thread.current[:__recursive_key__][:inspect] = {}
+        Thread.current[:__recursive_key__][:inspect] = {}.untrust
      end

      save = Thread.current[:__recursive_key__][:inspect]

      begin
-        Thread.current[:__recursive_key__][:inspect] = {}
+        Thread.current[:__recursive_key__][:inspect] = {}.untrust
        yield
      ensure
        Thread.current[:__recursive_key__][:inspect] = save
--- a/test/ruby/test_object.rb
+++ b/test/ruby/test_object.rb
@ -413,4 +413,40 @@ class TestObject < Test::Unit::TestCase
    assert_equal(true, s.untrusted?)
    assert_equal(true, s.tainted?)
  end
+
+  def test_exec_recursive
+    Thread.current[:__recursive_key__] = nil
+    a = [[]]
+    a.inspect
+
+    assert_nothing_raised do
+      -> do
+        $SAFE = 4
+        begin
+          a.hash
+        rescue ArgumentError
+        end
+      end.call
+    end
+
+    -> do
+      assert_nothing_raised do
+        $SAFE = 4
+        a.inspect
+      end
+    end.call
+
+    -> do
+      o = Object.new
+      def o.to_ary(x); end
+      def o.==(x); $SAFE = 4; false; end
+      a = [[o]]
+      b = []
+      b << b
+
+      assert_nothing_raised do
+        b == a
+      end
+    end.call
+  end
 end