kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* ext/openssl/ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untainted for $SECURE >= 4) [ruby-core:18377]

Browse source 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@25069 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
marcandre 2009-09-24 01:26:41 +00:00
parent 23c8ba8c46
commit bd43f0371d
2 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog
View file

@ -1,3 +1,9 @@
Thu Sep 24 10:26:16 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca>
* ext/openssl/ossl_config.c (ossl_config_add_value_m,
ossl_config_set_section): Check if frozen (or untainted for $SECURE >=
4) [ruby-core:18377]
Thu Sep 24 10:06:19 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca>
* lib/mathn.rb (Fixnum#**, Float#**, Bignum#**): Allow fractional

10
ext/openssl/ossl_config.c
View file

@ -158,6 +158,14 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self)
return self;
}
static void
rb_ossl_config_modify_check(VALUE config)
{
if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config");
if (!OBJ_TAINTED(config) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config");
}
static VALUE
ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
{
@ -167,6 +175,7 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
CONF *conf;
CONF_VALUE *sv, *cv;
rb_ossl_config_modify_check(self);
StringValue(section);
StringValue(name);
StringValue(value);
@ -247,6 +256,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash)
{
VALUE arg[2];
rb_ossl_config_modify_check(self);
arg[0] = self;
arg[1] = section;
rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg);