kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* file.c (file_expand_path): home directory must be absolute.

Browse source 
[ruby-core:31537]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@28796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2010-07-29 23:51:53 +00:00
parent f2c87d5395
commit c03e220cf3
3 changed files with 30 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
Fri Jul 30 08:51:51 2010 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): home directory must be absolute.
[ruby-core:31537]
Fri Jul 30 08:33:20 2010 Nobuyoshi Nakada <nobu@ruby-lang.org> Fri Jul 30 08:33:20 2010 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): should check if could find user. * file.c (file_expand_path): should check if could find user.

16
file.c
View file

@ -2512,6 +2512,7 @@ file_expand_path(fname, dname, result)
tainted = OBJ_TAINTED(fname); tainted = OBJ_TAINTED(fname);
if (s[0] == '~') { if (s[0] == '~') {
long userlen = 0;
if (isdirsep(s[1]) || s[1] == '\0') { if (isdirsep(s[1]) || s[1] == '\0') {
const char *dir = getenv("HOME"); const char *dir = getenv("HOME");
@ -2539,9 +2540,10 @@ file_expand_path(fname, dname, result)
s++; s++;
#endif #endif
s = nextdirsep(b = s); s = nextdirsep(b = s);
BUFCHECK(bdiff + (s-b) >= buflen); userlen = s - b;
memcpy(p, b, s-b); BUFCHECK(bdiff + userlen >= buflen);
p += s-b; memcpy(p, b, userlen);
p += userlen;
*p = '\0'; *p = '\0';
#ifdef HAVE_PWD_H #ifdef HAVE_PWD_H
pwPtr = getpwnam(buf); pwPtr = getpwnam(buf);
@ -2558,6 +2560,14 @@ file_expand_path(fname, dname, result)
rb_raise(rb_eArgError, "can't find user %s", buf); rb_raise(rb_eArgError, "can't find user %s", buf);
#endif #endif
} }
if (!is_absolute_path(RSTRING_PTR(result))) {
if (userlen) {
rb_raise(rb_eArgError, "non-absolute home of %.*s", userlen, s);
}
else {
rb_raise(rb_eArgError, "non-absolute home");
}
}
} }
#ifdef DOSISH_DRIVE_LETTER #ifdef DOSISH_DRIVE_LETTER
/* skip drive letter */ /* skip drive letter */

12
test/ruby/test_file_exhaustive.rb
View file

@ -356,6 +356,18 @@ class TestFileExhaustive < Test::Unit::TestCase
assert_kind_of(String, File.expand_path("~")) assert_kind_of(String, File.expand_path("~"))
assert_raise(ArgumentError) { File.expand_path("~foo_bar_baz_unknown_user_wahaha") } assert_raise(ArgumentError) { File.expand_path("~foo_bar_baz_unknown_user_wahaha") }
assert_raise(ArgumentError) { File.expand_path("~foo_bar_baz_unknown_user_wahaha", "/") } assert_raise(ArgumentError) { File.expand_path("~foo_bar_baz_unknown_user_wahaha", "/") }
begin
bug3630 = '[ruby-core:31537]'
home = ENV["HOME"]
ENV["HOME"] = nil
assert_raise(ArgumentError) { File.expand_path("~") }
ENV["HOME"] = "~"
assert_raise(ArgumentError, bug3630) { File.expand_path("~") }
ENV["HOME"] = "."
assert_raise(ArgumentError, bug3630) { File.expand_path("~") }
ensure
ENV["HOME"] = home
end
end end
def test_basename def test_basename