1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* error.c (exc_to_s): untainted strings can be tainted via

Exception#to_s, which enables attackers to overwrite sane strings.
  Reported by: Yusuke Endoh <mame at tsg.ne.jp>.

* error.c (name_err_to_s): ditto.

* test/ruby/test_exception.rb (TestException::test_to_s_taintness_propagation):
  Test for it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@30903 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
shyouhei 2011-02-18 11:05:02 +00:00
parent 0d672545f1
commit fca16b0c57
3 changed files with 37 additions and 4 deletions

View file

@ -184,4 +184,26 @@ class TestException < Test::Unit::TestCase
assert(false)
end
end
def test_to_s_taintness_propagation
for exc in [Exception, NameError]
m = "abcdefg"
e = exc.new(m)
e.taint
s = e.to_s
assert_equal(false, m.tainted?,
"#{exc}#to_s should not propagate taintness")
assert_equal(false, s.tainted?,
"#{exc}#to_s should not propagate taintness")
end
o = Object.new
def o.to_str
"foo"
end
o.taint
e = NameError.new(o)
s = e.to_s
assert_equal(true, s.tainted?)
end
end