* eval.c (block_pass): should not pass tainted block, if $SAFE > 0.

* variable.c (rb_mod_remove_cvar): should pass the char*. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1995 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2002-01-16 09:22:45 +00:00 · 2002-01-16 09:22:45 +00:00 · ab1a751ece
commit ab1a751ece
parent ce71ad15c7
10 changed files with 39 additions and 16 deletions
--- a/8
+++ b/8
@ -26,6 +26,14 @@ Tue Jan 15 12:43:34 2002  Minero Aoki  <aamine@loveruby.net>

 	* lib/net/smtp.rb: should not resolve HELO domain automatically.

+Mon Jan 14 13:06:02 2002  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* eval.c (block_pass): should not pass tainted block, if $SAFE > 0.
+
+Sun Jan 13 09:31:41 2002  Koji Arai  <jca02266@nifty.ne.jp>
+
+	* variable.c (rb_mod_remove_cvar): should pass the char*.
+
 Fri Jan 11 05:06:25 2002  Nobuyoshi Nakada  <nobu.nakada@nifty.ne.jp>

 	* class.c (rb_make_metaclass): [new]
--- a/eval.c
+++ b/eval.c
@ -1753,7 +1753,23 @@ is_defined(self, node, buf)
 	    return 0;
 	}
      check_bound:
-	if (rb_method_boundp(val, node->nd_mid, nd_type(node)== NODE_CALL)) {
+	{
+	    int call = nd_type(node)== NODE_CALL;
+	    if (call) {
+		int noex;
+		ID id = node->nd_mid;
+
+		if (!rb_get_method_body(&val, &id, &noex))
+		    break;
+		if ((noex & NOEX_PRIVATE))
+		    break;
+		if ((noex & NOEX_PROTECTED)) {
+		    if (!rb_obj_is_kind_of(self, rb_class_real(val)))
+			break;
+		}
+	    }
+	    else if (!rb_method_boundp(val, node->nd_mid, call))
+		break;
 	    return arg_defined(self, node->nd_args, buf, "method");
 	}
 	break;
@ -6511,6 +6527,10 @@ block_pass(self, node)
 		 rb_class2name(CLASS_OF(block)));
    }

+    if (rb_safe_level() >= 1 && OBJ_TAINTED(block)) {
+	rb_raise(rb_eSecurityError, "Insecure: tainted block value");
+    }
+
    Data_Get_Struct(block, struct BLOCK, data);
    orphan = blk_orphan(data);

--- a/ext/digest/defs.h
+++ b/ext/digest/defs.h
@ -10,7 +10,8 @@

 #if defined(HAVE_SYS_CDEFS_H)
 # include <sys/cdefs.h>
-#else
+#endif
+#if !defined(__BEGIN_DECLS)
 # define __BEGIN_DECLS
 # define __END_DECLS
 #endif
--- a/ext/tcltklib/extconf.rb
+++ b/ext/tcltklib/extconf.rb
@ -18,7 +18,7 @@ tcllib = with_config("tcllib")
 stubs = enable_config("tcltk_stubs") || with_config("tcltk_stubs")

 def find_tcl(tcllib, stubs)
-  paths = ["/usr/local/lib", "/usr/pkg", "/usr/lib"]
+  paths = ["/usr/local/lib", "/usr/pkg/lib", "/usr/lib"]
  func = stubs ? "Tcl_InitStubs" : "Tcl_FindExecutable"
  if tcllib
    find_library(tcllib, func, *paths)
@ -40,7 +40,7 @@ def find_tcl(tcllib, stubs)
 end

 def find_tk(tklib, stubs)
-  paths = ["/usr/local/lib", "/usr/pkg", "/usr/lib"]
+  paths = ["/usr/local/lib", "/usr/pkg/lib", "/usr/lib"]
  func = stubs ? "Tk_InitStubs" : "Tk_Init"
  if tklib
    find_library(tklib, func, *paths)
--- a/lib/English.rb
+++ b/lib/English.rb
@ -9,7 +9,7 @@ alias $OUTPUT_FIELD_SEPARATOR  $,
 alias $RS                      $/
 alias $INPUT_RECORD_SEPARATOR  $/
 alias $ORS                     $\
-alias $OUPUT_RECORD_SEPARATOR  $\
+alias $OUTPUT_RECORD_SEPARATOR $\
 alias $INPUT_LINE_NUMBER       $.
 alias $NR                      $.
 alias $LAST_READ_LINE          $_
--- a/parse.y
+++ b/parse.y
@ -4090,9 +4090,7 @@ gettable(id)
 	return NEW_FALSE();
    }
    else if (id == k__FILE__) {
-	VALUE f = rb_str_new2(ruby_sourcefile);
-	OBJ_FREEZE(f);
-	return NEW_STR(f);
+	return NEW_STR(rb_str_new2(ruby_sourcefile));
    }
    else if (id == k__LINE__) {
 	return NEW_LIT(INT2FIX(ruby_sourceline));
--- a/re.c
+++ b/re.c
@ -925,15 +925,11 @@ static VALUE
 rb_reg_equal(re1, re2)
    VALUE re1, re2;
 {
-    int min;
-
    if (re1 == re2) return Qtrue;
    if (TYPE(re2) != T_REGEXP) return Qfalse;
    rb_reg_check(re1); rb_reg_check(re2);
    if (RREGEXP(re1)->len != RREGEXP(re2)->len) return Qfalse;
-    min = RREGEXP(re1)->len;
-    if (min > RREGEXP(re2)->len) min = RREGEXP(re2)->len;
-    if (memcmp(RREGEXP(re1)->str, RREGEXP(re2)->str, min) == 0 &&
+    if (memcmp(RREGEXP(re1)->str, RREGEXP(re2)->str, RREGEXP(re1)->len) == 0 &&
 	rb_reg_cur_kcode(re1) == rb_reg_cur_kcode(re2) &&
 	RREGEXP(re1)->ptr->options == RREGEXP(re2)->ptr->options) {
 	return Qtrue;
--- a/ruby.1
+++ b/ruby.1
@ -1,6 +1,6 @@
 .\"Ruby is copyrighted by Yukihiro Matsumoto <matz@netlab.jp>.
 .na
-.TH RUBY 1 "ruby 1.6" "2000-09-11" "Ruby Programmers Reference Guide"
+.TH RUBY 1 "ruby 1.6" "2001-12-25" "Ruby Programmers Reference Manual"
 .SH NAME
 ruby - Interpreted object-oriented scripting language
 .SH SYNOPSIS
--- a/variable.c
+++ b/variable.c
@ -1528,7 +1528,7 @@ rb_mod_remove_cvar(mod, name)
    VALUE val;

    if (!rb_is_class_id(id)) {
-	rb_raise(rb_eNameError, "wrong class variable name %s", name);
+	rb_raise(rb_eNameError, "wrong class variable name %s", rb_id2name(name));
    }
    if (!OBJ_TAINTED(mod) && rb_safe_level() >= 4)
 	rb_raise(rb_eSecurityError, "Insecure: can't remove class variable");
--- a/version.c
+++ b/version.c
@ -40,6 +40,6 @@ ruby_show_version()
 void
 ruby_show_copyright()
 {
-    printf("ruby - Copyright (C) 1993-2000 Yukihiro Matsumoto\n");
+    printf("ruby - Copyright (C) 1993-2002 Yukihiro Matsumoto\n");
    exit(0);
 }