* eval.c (avalue_splat): new function to do unary * (splat)

operator. * eval.c (avalue_to_svalue,svalue_to_avalue,svalue_to_mrhs): do not use implicit "to_ary" conversion. * ext/curses/curses.c (GetWINDOW,GetMOUSE): add taint check. * ext/curses/curses.c (curses_init_screen): ditto. * ext/curses/curses.c (window_initialize): ditto. * gc.c (os_each_obj): prohibit ObjectSpace#each_object in safe mode ($SAFE >= 4). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@3616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2003-03-26 07:01:14 +00:00 · 2003-03-26 07:01:14 +00:00 · e9b5878c41
commit e9b5878c41
parent 8478ba513f
9 changed files with 112 additions and 55 deletions
--- a/ext/curses/curses.c
+++ b/ext/curses/curses.c
@ -75,6 +75,8 @@ no_window()
 }

 #define GetWINDOW(obj, winp) do {\
+    if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)\
+	rb_raise(rb_eSecurityError, "Insecure: operation on untainted window");\
    Data_Get_Struct(obj, struct windata, winp);\
    if (winp->window == 0) no_window();\
 } while (0)
@ -113,6 +115,7 @@ prep_window(class, window)
 static VALUE
 curses_init_screen()
 {
+    rb_secure(4);
    if (rb_stdscr) return rb_stdscr;
    initscr();
    if (stdscr == 0) {
@ -593,6 +596,8 @@ no_mevent()
 }

 #define GetMOUSE(obj, data) do {\
+    if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)\
+	rb_raise(rb_eSecurityError, "Insecure: operation on untainted mouse");\
    Data_Get_Struct(obj, struct mousedata, data);\
    if (data->mevent == 0) no_mevent();\
 } while (0)
@ -677,6 +682,7 @@ window_initialize(obj, h, w, top, left)
    struct windata *winp;
    WINDOW *window;

+    rb_secure(4);
    curses_init_screen();
    Data_Get_Struct(obj, struct windata, winp);
    if (winp->window) delwin(winp->window);