merge revision(s) 65125:

infect taint flag on Array#pack and String#unpack with the directives "B", "b", "H" and "h". * pack.c (pack_pack, pack_unpack_internal): infect taint flag. * test/ruby/test_pack.rb: add test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@65128 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2018-10-17 15:06:18 +00:00 · 2018-10-17 15:06:18 +00:00 · a2958f6743
commit a2958f6743
parent 0b1e97d5d8
3 changed files with 26 additions and 3 deletions
--- a/pack.c
+++ b/pack.c
@ -749,6 +749,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
 	    StringValue(from);
 	    ptr = RSTRING_PTR(from);
 	    plen = RSTRING_LEN(from);
 	    OBJ_INFECT(res, from);
 	    if (len == 0 && type == 'm') {
 		encodes(res, ptr, plen, type, 0);
@ -776,6 +777,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
 	  case 'M':		/* quoted-printable encoded string */
 	    from = rb_obj_as_string(NEXTFROM);
 	    OBJ_INFECT(res, from);
 	    if (len <= 1)
 		len = 72;
 	    qpencode(res, from, len);
@ -801,6 +803,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
 		}
 		else {
 		    t = StringValuePtr(from);
 		    OBJ_INFECT(res, from);
 		    rb_obj_taint(from);
 		}
 		if (!associates) {
@ -1184,6 +1187,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 		    len = (send - s) * 8;
 		bits = 0;
 		bitstr = rb_usascii_str_new(0, len);
 		OBJ_INFECT(bitstr, str);
 		t = RSTRING_PTR(bitstr);
 		for (i=0; i<len; i++) {
 		    if (i & 7) bits >>= 1;
@ -1205,6 +1209,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 		    len = (send - s) * 8;
 		bits = 0;
 		bitstr = rb_usascii_str_new(0, len);
 		OBJ_INFECT(bitstr, str);
 		t = RSTRING_PTR(bitstr);
 		for (i=0; i<len; i++) {
 		    if (i & 7) bits <<= 1;
@ -1226,6 +1231,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 		    len = (send - s) * 2;
 		bits = 0;
 		bitstr = rb_usascii_str_new(0, len);
 		OBJ_INFECT(bitstr, str);
 		t = RSTRING_PTR(bitstr);
 		for (i=0; i<len; i++) {
 		    if (i & 1)
@ -1249,6 +1255,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 		    len = (send - s) * 2;
 		bits = 0;
 		bitstr = rb_usascii_str_new(0, len);
 		OBJ_INFECT(bitstr, str);
 		t = RSTRING_PTR(bitstr);
 		for (i=0; i<len; i++) {
 		    if (i & 1)
--- a/test/ruby/test_pack.rb
+++ b/test/ruby/test_pack.rb
@ -860,4 +860,20 @@ EXPECTED
    assert_equal "hogefuga", "aG9nZWZ1Z2E=".unpack1("m")
    assert_equal "01000001", "A".unpack1("B*")
  end
  def test_pack_infection
    tainted_array_string = ["123456"]
    tainted_array_string.first.taint
    ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f|
      assert_predicate(tainted_array_string.pack(f), :tainted?)
    end
  end
  def test_unpack_infection
    tainted_string = "123456"
    tainted_string.taint
    ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f|
      assert_predicate(tainted_string.unpack(f).first, :tainted?)
    end
  end
 end
--- a/version.h
+++ b/version.h
@ -1,10 +1,10 @@
 #define RUBY_VERSION "2.5.2"
-#define RUBY_RELEASE_DATE "2018-10-17"
+#define RUBY_RELEASE_DATE "2018-10-18"
-#define RUBY_PATCHLEVEL 102
+#define RUBY_PATCHLEVEL 103
 #define RUBY_RELEASE_YEAR 2018
 #define RUBY_RELEASE_MONTH 10
-#define RUBY_RELEASE_DAY 17
+#define RUBY_RELEASE_DAY 18
 #include "ruby/version.h"