* eval.c (rb_call), eval_method.ci (rb_add_method, rb_alias),

insnhelper.ci (vm_call_method): fix to save safelevel for
  method node.
* include/ruby/node.h: ditto.
* bootstraptest/test_method.rb: add a test for above.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@13079 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,13 @@
+Fri Aug 17 21:20:44 2007  Koichi Sasada  <ko1@atdot.net>
+
+	* eval.c (rb_call), eval_method.ci (rb_add_method, rb_alias),
+	  insnhelper.ci (vm_call_method): fix to save safelevel for
+	  method node.
+
+	* include/ruby/node.h: ditto.
+
+	* bootstraptest/test_method.rb: add a test for above.
+
 Fri Aug 17 16:02:50 2007  Koichi Sasada  <ko1@atdot.net>
 
 	* thread.c (rb_thread_terminate_all): fix to ignore

bootstraptest/test_method.rb

@@ -860,5 +860,49 @@ class C0; def m *args; [:C0_m, args]; end; end
 class C1 < C0; def m a, o=:o; super; end; end
 ; C1.new.m 1, 2}
 
+assert_equal %q{[:ok, :ok, :ok, :ok, :ok, :ok, :ng, :ng]}, %q{
+  $ans = []
+  class Foo
+    def m
+    end
+  end
 
+  alias funcall send unless defined? funcall
+
+  c1 = c2 = nil
+
+  lambda{
+    $SAFE = 4
+    c1 = Class.new{
+      def m
+      end
+    }
+    c2 = Class.new(Foo){
+      alias mm m
+    }
+  }.call
+
+  def test
+    begin
+      yield
+    rescue SecurityError
+      $ans << :ok
+    else
+      $ans << :ng
+    end
+  end
+
+  o1 = c1.new
+  o2 = c2.new
+  
+  test{o1.m}
+  test{o2.mm}
+  test{o1.send :m}
+  test{o2.send :mm}
+  test{o1.funcall :m}
+  test{o2.funcall :mm}
+  test{o1.method(:m).call}
+  test{o2.method(:mm).call}
+  $ans
+}
 

eval.c

@@ -1343,6 +1343,7 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
     int noex;
     ID id = mid;
     struct cache_entry *ent;
+    rb_thread_t *th = GET_THREAD();
 
     if (!klass) {
 	rb_raise(rb_eNotImpError,
@@ -1351,6 +1352,7 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
     }
     /* is it in the method cache? */
     ent = cache + EXPR1(klass, mid);
+
     if (ent->mid == mid && ent->klass == klass) {
 	if (!ent->method)
 	    return method_missing(recv, mid, argc, argv,
@@ -1372,8 +1374,11 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
 	return method_missing(recv, mid, argc, argv,
 			      scope == 2 ? NOEX_VCALL : 0);
     }
+    
+
     if (mid != missing) {
 	/* receiver specified form for private method */
+	if (UNLIKELY(noex)) {
 	    if (((noex & NOEX_MASK) & NOEX_PRIVATE) && scope == 0) {
 		return method_missing(recv, mid, argc, argv, NOEX_PRIVATE);
 	    }
@@ -1391,6 +1396,11 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
 		    return method_missing(recv, mid, argc, argv, NOEX_PROTECTED);
 		}
 	    }
+
+	    if (NOEX_SAFE(noex) > th->safe_level) {
+		rb_raise(rb_eSecurityError, "calling insecure method: %s", rb_id2name(mid));
+	    }
+	}
     }
 
     {
@@ -1403,8 +1413,7 @@ rb_call(VALUE klass, VALUE recv, ID mid, int argc, const VALUE *argv, int scope)
 	//level++;
 	//printf("%s with %d args\n", rb_id2name(mid), argc);
 	*/
-	val =
+	val = vm_call0(th, klass, recv, mid, id, argc, argv, body,
-	    vm_call0(GET_THREAD(), klass, recv, mid, id, argc, argv, body,
 		       noex & NOEX_NOSUPER);
 	/*
 	//level--;

eval_method.ci

@@ -132,7 +132,7 @@ rb_add_method(VALUE klass, ID mid, NODE * node, int noex)
      *   nd_cnt  : alias count           // (3)
      */
     if (node) {
-	body = NEW_FBODY(NEW_METHOD(node, klass, noex), 0);
+	body = NEW_FBODY(NEW_METHOD(node, klass, NOEX_WITH_SAFE(noex)), 0);
     }
     else {
 	body = 0;
@@ -580,7 +580,7 @@ rb_alias(VALUE klass, ID name, ID def)
 	      (st_data_t) NEW_FBODY(
 		  NEW_METHOD(orig_fbody->nd_body->nd_body,
 			     orig_fbody->nd_body->nd_clss,
-			     orig_fbody->nd_body->nd_noex), def));
+			     NOEX_WITH_SAFE(orig_fbody->nd_body->nd_noex)), def));
 
     rb_clear_cache_by_id(name);
 

include/ruby/node.h

@@ -484,6 +484,10 @@ enum ruby_node_flags {
 #define NOEX_SUPER     0x20
 #define NOEX_VCALL     0x40
 
+#define NOEX_SAFE(n) (((n) >> 8) & 0x0F)
+#define NOEX_WITH(n, s) ((s << 8) | n)
+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, rb_safe_level())
+
 VALUE rb_parser_new(void);
 VALUE rb_parser_end_seen_p(VALUE);
 

insnhelper.ci

@@ -487,7 +487,8 @@ vm_call_method(rb_thread_t *th, rb_control_frame_t *cfp,
 	    val = vm_method_missing(th, id, recv, num, blockptr, stat);
 	}
     }
-    else if (!(flag & VM_CALL_FCALL_BIT) &&
+    else if (UNLIKELY(mn->nd_noex)) {
+	if (!(flag & VM_CALL_FCALL_BIT) &&
 	    (mn->nd_noex & NOEX_MASK) & NOEX_PRIVATE) {
 	    int stat = NOEX_PRIVATE;
 	    if (flag & VM_CALL_VCALL_BIT) {
@@ -509,6 +510,13 @@ vm_call_method(rb_thread_t *th, rb_control_frame_t *cfp,
 		goto normal_method_dispatch;
 	    }
 	}
+	else if (NOEX_SAFE(mn->nd_noex) > th->safe_level) {
+	    rb_raise(rb_eSecurityError, "calling insecure method: %s", rb_id2name(id));
+	}
+	else {
+	    goto normal_method_dispatch;
+	}
+    }
 
     /* dispatch method */
     else {