From ab1a751ece53402ad1903cae700a3f023b20803c Mon Sep 17 00:00:00 2001 From: matz Date: Wed, 16 Jan 2002 09:22:45 +0000 Subject: [PATCH] * eval.c (block_pass): should not pass tainted block, if $SAFE > 0. * variable.c (rb_mod_remove_cvar): should pass the char*. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1995 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 8 ++++++++ eval.c | 22 +++++++++++++++++++++- ext/digest/defs.h | 3 ++- ext/tcltklib/extconf.rb | 4 ++-- lib/English.rb | 2 +- parse.y | 4 +--- re.c | 6 +----- ruby.1 | 2 +- variable.c | 2 +- version.c | 2 +- 10 files changed, 39 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3eb01cb7df..1c8fd4c52c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,14 @@ Tue Jan 15 12:43:34 2002 Minero Aoki * lib/net/smtp.rb: should not resolve HELO domain automatically. +Mon Jan 14 13:06:02 2002 Yukihiro Matsumoto + + * eval.c (block_pass): should not pass tainted block, if $SAFE > 0. + +Sun Jan 13 09:31:41 2002 Koji Arai + + * variable.c (rb_mod_remove_cvar): should pass the char*. + Fri Jan 11 05:06:25 2002 Nobuyoshi Nakada * class.c (rb_make_metaclass): [new] diff --git a/eval.c b/eval.c index b7fede218a..a12d7ff3fe 100644 --- a/eval.c +++ b/eval.c @@ -1753,7 +1753,23 @@ is_defined(self, node, buf) return 0; } check_bound: - if (rb_method_boundp(val, node->nd_mid, nd_type(node)== NODE_CALL)) { + { + int call = nd_type(node)== NODE_CALL; + if (call) { + int noex; + ID id = node->nd_mid; + + if (!rb_get_method_body(&val, &id, &noex)) + break; + if ((noex & NOEX_PRIVATE)) + break; + if ((noex & NOEX_PROTECTED)) { + if (!rb_obj_is_kind_of(self, rb_class_real(val))) + break; + } + } + else if (!rb_method_boundp(val, node->nd_mid, call)) + break; return arg_defined(self, node->nd_args, buf, "method"); } break; 
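Review bot: In the new `check_bound:` block of `is_defined` (eval.c), the `else if` arm runs only when `call` is 0, so `rb_method_boundp(val, node->nd_mid, call)` always passes 0; writing `else if (!rb_method_boundp(val, node->nd_mid, 0))` makes that explicit. The visibility rules are the point of this change and deserve a comment above the block, e.g. `/* recv.meth: private methods, and protected ones when self is not of the receiver's class, are reported as not defined */`. Note also that `rb_get_method_body(&val, &id, &noex)` is handed `&val`, so the later `rb_class_real(val)` depends on what that call leaves in `val`; a short remark on that would help the next reader. Neither the commit subject nor the ChangeLog entries added in this patch mention the `is_defined` change, and the function starts and ends outside the hunk.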
@@ -6511,6 +6527,10 @@ block_pass(self, node) rb_class2name(CLASS_OF(block))); } + if (rb_safe_level() >= 1 && OBJ_TAINTED(block)) { + rb_raise(rb_eSecurityError, "Insecure: tainted block value"); + } + Data_Get_Struct(block, struct BLOCK, data); orphan = blk_orphan(data); diff --git a/ext/digest/defs.h b/ext/digest/defs.h index 7af8f52324..df7df377b9 100644 --- a/ext/digest/defs.h +++ b/ext/digest/defs.h @@ -10,7 +10,8 @@ #if defined(HAVE_SYS_CDEFS_H) # include -#else +#endif +#if !defined(__BEGIN_DECLS) # define __BEGIN_DECLS # define __END_DECLS #endif diff --git a/ext/tcltklib/extconf.rb b/ext/tcltklib/extconf.rb index f732c165dc..fd98b1e7da 100644 --- a/ext/tcltklib/extconf.rb +++ b/ext/tcltklib/extconf.rb @@ -18,7 +18,7 @@ tcllib = with_config("tcllib") stubs = enable_config("tcltk_stubs") || with_config("tcltk_stubs") def find_tcl(tcllib, stubs) - paths = ["/usr/local/lib", "/usr/pkg", "/usr/lib"] + paths = ["/usr/local/lib", "/usr/pkg/lib", "/usr/lib"] func = stubs ? "Tcl_InitStubs" : "Tcl_FindExecutable" if tcllib find_library(tcllib, func, *paths) @@ -40,7 +40,7 @@ def find_tcl(tcllib, stubs) end def find_tk(tklib, stubs) - paths = ["/usr/local/lib", "/usr/pkg", "/usr/lib"] + paths = ["/usr/local/lib", "/usr/pkg/lib", "/usr/lib"] func = stubs ? "Tk_InitStubs" : "Tk_Init" if tklib find_library(tklib, func, *paths) diff --git a/lib/English.rb b/lib/English.rb index c7e13bebe6..237af08f3d 100644 --- a/lib/English.rb +++ b/lib/English.rb @@ -9,7 +9,7 @@ alias $OUTPUT_FIELD_SEPARATOR $, alias $RS $/ alias $INPUT_RECORD_SEPARATOR $/ alias $ORS $\ -alias $OUPUT_RECORD_SEPARATOR $\ +alias $OUTPUT_RECORD_SEPARATOR $\ alias $INPUT_LINE_NUMBER $. alias $NR $. alias $LAST_READ_LINE $_ diff --git a/parse.y b/parse.y index 057035bf1f..c16f513abc 100644 --- a/parse.y +++ b/parse.y 
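Review bot: The taint guard added to `block_pass` (eval.c) tests `OBJ_TAINTED(block)` after the type check whose tail is visible at the top of the hunk, so it sees whatever object `block` holds at that point. If an argument is converted into a fresh Proc earlier in the function (not visible here), confirm that the taint bit carries over, otherwise the check would not fire for it. A one-line comment would record the intent, e.g. `/* $SAFE >= 1: refuse a block object that is marked tainted */`. The diffstat lists no test file; a regression test that passes a tainted Proc with `&` at `$SAFE` 1 and expects `SecurityError` would pin the behaviour. `block_pass` begins and ends outside the hunk.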
@@ -4090,9 +4090,7 @@ gettable(id) return NEW_FALSE(); } else if (id == k__FILE__) { - VALUE f = rb_str_new2(ruby_sourcefile); - OBJ_FREEZE(f); - return NEW_STR(f); + return NEW_STR(rb_str_new2(ruby_sourcefile)); } else if (id == k__LINE__) { return NEW_LIT(INT2FIX(ruby_sourceline)); diff --git a/re.c b/re.c index 4ff48632c0..42ae86f401 100644 --- a/re.c +++ b/re.c @@ -925,15 +925,11 @@ static VALUE rb_reg_equal(re1, re2) VALUE re1, re2; { - int min; - if (re1 == re2) return Qtrue; if (TYPE(re2) != T_REGEXP) return Qfalse; rb_reg_check(re1); rb_reg_check(re2); if (RREGEXP(re1)->len != RREGEXP(re2)->len) return Qfalse; - min = RREGEXP(re1)->len; - if (min > RREGEXP(re2)->len) min = RREGEXP(re2)->len; - if (memcmp(RREGEXP(re1)->str, RREGEXP(re2)->str, min) == 0 && + if (memcmp(RREGEXP(re1)->str, RREGEXP(re2)->str, RREGEXP(re1)->len) == 0 && rb_reg_cur_kcode(re1) == rb_reg_cur_kcode(re2) && RREGEXP(re1)->ptr->options == RREGEXP(re2)->ptr->options) { return Qtrue; diff --git a/ruby.1 b/ruby.1 index 6d6bebf1ae..ce07d912cb 100644 --- a/ruby.1 +++ b/ruby.1 @@ -1,6 +1,6 @@ .\"Ruby is copyrighted by Yukihiro Matsumoto . .na -.TH RUBY 1 "ruby 1.6" "2000-09-11" "Ruby Programmers Reference Guide" +.TH RUBY 1 "ruby 1.6" "2001-12-25" "Ruby Programmers Reference Manual" .SH NAME ruby - Interpreted object-oriented scripting language .SH SYNOPSIS diff --git a/variable.c b/variable.c index b04fe84b48..65bf380efb 100644 --- a/variable.c +++ b/variable.c @@ -1528,7 +1528,7 @@ rb_mod_remove_cvar(mod, name) VALUE val; if (!rb_is_class_id(id)) { - rb_raise(rb_eNameError, "wrong class variable name %s", name); + rb_raise(rb_eNameError, "wrong class variable name %s", rb_id2name(name)); } if (!OBJ_TAINTED(mod) && rb_safe_level() >= 4) rb_raise(rb_eSecurityError, "Insecure: can't remove class variable"); diff --git a/version.c b/version.c index 629bfe4137..5fb07e5dac 100644 --- a/version.c +++ b/version.c 
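Review bot: The `k__FILE__` branch of `gettable` (parse.y) no longer freezes the string built from `ruby_sourcefile`, and neither the commit subject nor the ChangeLog entries in this patch say why. If the literal held by the node is shared between evaluations rather than copied (not visible from here), a script could now modify the value that `__FILE__` yields, and the change would be seen by later readers. Once the copying behaviour is confirmed, record it next to the line, e.g. `/* not frozen: each evaluation of the node yields its own copy */`, and add a ChangeLog entry for the change. `gettable` continues outside the hunk.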
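Review bot: In `rb_mod_remove_cvar` (variable.c) the new call passes `name` to `rb_id2name()`, while the test one line above is on `id`, which suggests `name` is the caller's argument and `id` is the ID derived from it. If `name` is a VALUE, as the signature `rb_mod_remove_cvar(mod, name)` hints, `rb_id2name(name)` looks up the wrong value and may still hand `%s` a null or unrelated string. The line should then read `rb_raise(rb_eNameError, "wrong class variable name %s", rb_id2name(id));`. Both declarations sit above the hunk, so confirm the types there.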
@@ -40,6 +40,6 @@ ruby_show_version() void ruby_show_copyright() { - printf("ruby - Copyright (C) 1993-2000 Yukihiro Matsumoto\n"); + printf("ruby - Copyright (C) 1993-2002 Yukihiro Matsumoto\n"); exit(0); }