1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

Check MJIT_BUILD_DIR strictly

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65536 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2018-11-04 12:46:50 +00:00
parent c111c42ba2
commit ef94a94d7d

27
mjit.c
View file

@ -380,6 +380,10 @@ init_header_filename(void)
; ;
const size_t libpathflag_len = sizeof(libpathflag) - 1; const size_t libpathflag_len = sizeof(libpathflag) - 1;
#endif #endif
#ifndef LOAD_RELATIVE
static const char build_dir[] = MJIT_BUILD_DIR;
struct stat st;
#endif
basedir_val = ruby_prefix_path; basedir_val = ruby_prefix_path;
basedir = StringValuePtr(basedir_val); basedir = StringValuePtr(basedir_val);
@ -390,8 +394,15 @@ init_header_filename(void)
/* This path is not intended to be used on production, but using build directory's /* This path is not intended to be used on production, but using build directory's
header file here because people want to run `make test-all` without running header file here because people want to run `make test-all` without running
`make install`. Don't use $MJIT_SEARCH_BUILD_DIR except for test-all. */ `make install`. Don't use $MJIT_SEARCH_BUILD_DIR except for test-all. */
basedir = MJIT_BUILD_DIR; if (build_dir[0] != '/' ||
baselen = strlen(basedir); stat(build_dir, &st) || !S_ISDIR(st.st_mode) ||
st.st_uid != getuid() || (st.st_mode & 022) ||
!rb_path_check(build_dir)) {
verbose(1, "Unsafe MJIT_BUILD_DIR: %s", build_dir);
return FALSE;
}
basedir = build_dir;
baselen = sizeof(build_dir) - 1;
} }
#endif #endif
@ -410,6 +421,18 @@ init_header_filename(void)
header_file = NULL; header_file = NULL;
return FALSE; return FALSE;
} }
#ifndef LOAD_RELATIVE
if ((basedir == build_dir) &&
(fstat(fd, &st) ||
st.st_uid != getuid() ||
(st.st_mode & 022))) {
(void)close(fd);
verbose(1, "Unsafe header file: %s", header_file);
xfree(header_file);
header_file = NULL;
return FALSE;
}
#endif
(void)close(fd); (void)close(fd);
} }