kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

[ruby/fiddle] Remove taint support (#21)

Browse source 
Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.
18d6fb6915
This commit is contained in:
Jeremy Evans 2019-10-19 16:10:47 -07:00 committed by Hiroshi SHIBATA
parent ce6caade7c
commit b809784817
7 changed files with 9 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

9
ext/fiddle/function.c
View file

@ -184,15 +184,6 @@ function_call(int argc, VALUE argv[], VALUE self)
TypedData_Get_Struct(self, ffi_cif, &function_data_type, args.cif); TypedData_Get_Struct(self, ffi_cif, &function_data_type, args.cif);
if (rb_safe_level() >= 1) {
for (i = 0; i < argc; i++) {
VALUE src = argv[i];
if (OBJ_TAINTED(src)) {
rb_raise(rb_eSecurityError, "tainted parameter not allowed");
}
}
}
generic_args = ALLOCV(alloc_buffer, generic_args = ALLOCV(alloc_buffer,
(size_t)(argc + 1) * sizeof(void *) + (size_t)argc * sizeof(fiddle_generic)); (size_t)(argc + 1) * sizeof(void *) + (size_t)argc * sizeof(fiddle_generic));
args.values = (void **)((char *)generic_args + args.values = (void **)((char *)generic_args +

8
ext/fiddle/handle.c
View file

@ -1,8 +1,6 @@
#include <ruby.h> #include <ruby.h>
#include <fiddle.h> #include <fiddle.h>
#define SafeStringValueCStr(v) (rb_check_safe_obj(rb_string_value(&v)), StringValueCStr(v))
VALUE rb_cHandle; VALUE rb_cHandle;
struct dl_handle { struct dl_handle {
@ -145,11 +143,11 @@ rb_fiddle_handle_initialize(int argc, VALUE argv[], VALUE self)
cflag = RTLD_LAZY | RTLD_GLOBAL; cflag = RTLD_LAZY | RTLD_GLOBAL;
break; break;
case 1: case 1:
clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib); clib = NIL_P(lib) ? NULL : StringValueCStr(lib);
cflag = RTLD_LAZY | RTLD_GLOBAL; cflag = RTLD_LAZY | RTLD_GLOBAL;
break; break;
case 2: case 2:
clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib); clib = NIL_P(lib) ? NULL : StringValueCStr(lib);
cflag = NUM2INT(flag); cflag = NUM2INT(flag);
break; break;
default: default:
@ -319,7 +317,7 @@ fiddle_handle_sym(void *handle, VALUE symbol)
# define CHECK_DLERROR # define CHECK_DLERROR
#endif #endif
void (*func)(); void (*func)();
const char *name = SafeStringValueCStr(symbol); const char *name = StringValueCStr(symbol);
#ifdef HAVE_DLERROR #ifdef HAVE_DLERROR
dlerror(); dlerror();

12
ext/fiddle/pointer.c
View file

@ -90,7 +90,6 @@ rb_fiddle_ptr_new2(VALUE klass, void *ptr, long size, freefunc_t func)
data->ptr = ptr; data->ptr = ptr;
data->free = func; data->free = func;
data->size = size; data->size = size;
OBJ_TAINT(val);
return val; return val;
} }
@ -376,11 +375,11 @@ rb_fiddle_ptr_to_s(int argc, VALUE argv[], VALUE self)
TypedData_Get_Struct(self, struct ptr_data, &fiddle_ptr_data_type, data); TypedData_Get_Struct(self, struct ptr_data, &fiddle_ptr_data_type, data);
switch (rb_scan_args(argc, argv, "01", &arg1)) { switch (rb_scan_args(argc, argv, "01", &arg1)) {
case 0: case 0:
val = rb_tainted_str_new2((char*)(data->ptr)); val = rb_str_new2((char*)(data->ptr));
break; break;
case 1: case 1:
len = NUM2INT(arg1); len = NUM2INT(arg1);
val = rb_tainted_str_new((char*)(data->ptr), len); val = rb_str_new((char*)(data->ptr), len);
break; break;
default: default:
rb_bug("rb_fiddle_ptr_to_s"); rb_bug("rb_fiddle_ptr_to_s");
@ -414,11 +413,11 @@ rb_fiddle_ptr_to_str(int argc, VALUE argv[], VALUE self)
TypedData_Get_Struct(self, struct ptr_data, &fiddle_ptr_data_type, data); TypedData_Get_Struct(self, struct ptr_data, &fiddle_ptr_data_type, data);
switch (rb_scan_args(argc, argv, "01", &arg1)) { switch (rb_scan_args(argc, argv, "01", &arg1)) {
case 0: case 0:
val = rb_tainted_str_new((char*)(data->ptr),data->size); val = rb_str_new((char*)(data->ptr),data->size);
break; break;
case 1: case 1:
len = NUM2INT(arg1); len = NUM2INT(arg1);
val = rb_tainted_str_new((char*)(data->ptr), len); val = rb_str_new((char*)(data->ptr), len);
break; break;
default: default:
rb_bug("rb_fiddle_ptr_to_str"); rb_bug("rb_fiddle_ptr_to_str");
@ -551,7 +550,7 @@ rb_fiddle_ptr_aref(int argc, VALUE argv[], VALUE self)
case 2: case 2:
offset = NUM2ULONG(arg0); offset = NUM2ULONG(arg0);
len = NUM2ULONG(arg1); len = NUM2ULONG(arg1);
retval = rb_tainted_str_new((char *)data->ptr + offset, len); retval = rb_str_new((char *)data->ptr + offset, len);
break; break;
default: default:
rb_bug("rb_fiddle_ptr_aref()"); rb_bug("rb_fiddle_ptr_aref()");
@ -669,7 +668,6 @@ rb_fiddle_ptr_s_to_ptr(VALUE self, VALUE val)
if (num == val) wrap = 0; if (num == val) wrap = 0;
ptr = rb_fiddle_ptr_new(NUM2PTR(num), 0, NULL); ptr = rb_fiddle_ptr_new(NUM2PTR(num), 0, NULL);
} }
OBJ_INFECT(ptr, val);
if (wrap) RPTR_DATA(ptr)->wrap[0] = wrap; if (wrap) RPTR_DATA(ptr)->wrap[0] = wrap;
return ptr; return ptr;
} }

12
test/fiddle/test_func.rb
View file

@ -11,18 +11,6 @@ module Fiddle
assert_nil f.call(10) assert_nil f.call(10)
end end
def test_syscall_with_tainted_string
f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
Thread.new {
$SAFE = 1
assert_raise(SecurityError) do
f.call("uname -rs".dup.taint)
end
}.join
ensure
$SAFE = 0
end
def test_sinf def test_sinf
begin begin
f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT) f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)

2
test/fiddle/test_function.rb
View file

@ -98,7 +98,7 @@ module Fiddle
end end
def test_no_memory_leak def test_no_memory_leak
prep = 'r = Fiddle::Function.new(Fiddle.dlopen(nil)["rb_obj_tainted"], [Fiddle::TYPE_UINTPTR_T], Fiddle::TYPE_UINTPTR_T); a = "a"' prep = 'r = Fiddle::Function.new(Fiddle.dlopen(nil)["rb_obj_frozen"], [Fiddle::TYPE_UINTPTR_T], Fiddle::TYPE_UINTPTR_T); a = "a"'
code = 'begin r.call(a); rescue TypeError; end' code = 'begin r.call(a); rescue TypeError; end'
assert_no_memory_leak(%w[-W0 -rfiddle], "#{prep}\n1000.times{#{code}}", "10_000.times {#{code}}", limit: 1.2) assert_no_memory_leak(%w[-W0 -rfiddle], "#{prep}\n1000.times{#{code}}", "10_000.times {#{code}}", limit: 1.2)
end end

23
test/fiddle/test_handle.rb
View file

@ -8,29 +8,6 @@ module Fiddle
class TestHandle < TestCase class TestHandle < TestCase
include Fiddle include Fiddle
def test_safe_handle_open
Thread.new do
$SAFE = 1
assert_raise(SecurityError) {
Fiddle::Handle.new(LIBC_SO.dup.taint)
}
end.join
ensure
$SAFE = 0
end
def test_safe_function_lookup
Thread.new do
h = Fiddle::Handle.new(LIBC_SO)
$SAFE = 1
assert_raise(SecurityError) {
h["qsort".dup.taint]
}
end.join
ensure
$SAFE = 0
end
def test_to_i def test_to_i
handle = Fiddle::Handle.new(LIBC_SO) handle = Fiddle::Handle.new(LIBC_SO)
assert_kind_of Integer, handle.to_i assert_kind_of Integer, handle.to_i

1
test/fiddle/test_pointer.rb
View file

@ -79,7 +79,6 @@ module Fiddle
def test_to_ptr_string def test_to_ptr_string
str = "hello world" str = "hello world"
ptr = Pointer[str] ptr = Pointer[str]
assert ptr.tainted?, 'pointer should be tainted'
assert_equal str.length, ptr.size assert_equal str.length, ptr.size
assert_equal 'hello', ptr[0,5] assert_equal 'hello', ptr[0,5]
end end