diff options
| author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-09-09 13:15:16 +0000 |
|---|---|---|
| committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-09-09 13:15:16 +0000 |
| commit | 54455c239709e3f7719ab65777af3d71fc3c7331 (patch) | |
| tree | f6a4292bbcfc5ff50f08112477081a6401f7265a | |
| parent | 278c898aae78aaefc5151c9a97ace96517f4345b (diff) | |
| download | ruby-54455c239709e3f7719ab65777af3d71fc3c7331.tar.gz ruby-54455c239709e3f7719ab65777af3d71fc3c7331.tar.xz ruby-54455c239709e3f7719ab65777af3d71fc3c7331.zip | |
* eval.c (rb_call0): prohibit calling tainted method (>2) when
$SAFE == 0.
* sprintf.c (rb_f_sprintf): warn "too many argument" on verbose
mode (-v/-w); backported from 1.9. [ruby-dev:26963]
git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@9108 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | eval.c | 22 | ||||
| -rw-r--r-- | sprintf.c | 9 |
3 files changed, 27 insertions, 9 deletions
@@ -1,3 +1,8 @@ +Fri Sep 9 22:13:19 2005 Yukihiro Matsumoto <matz@ruby-lang.org> + + * eval.c (rb_call0): prohibit calling tainted method (>2) when + $SAFE == 0. + Fri Sep 9 16:45:25 2005 Nobuyoshi Nakada <nobu@ruby-lang.org> * string.c (rb_str_times): make empty strings to keep taintness, @@ -363,8 +363,10 @@ static ID init, eqq, each, aref, aset, match, missing; static ID added, singleton_added; static ID __id__, __send__, respond_to; -#define NOEX_WITH_SAFE(n) ((n) | ruby_safe_level << 4) +#define NOEX_TAINTED 8 #define NOEX_SAFE(n) ((n) >> 4) +#define NOEX_WITH(n, v) ((n) | (v) << 4) +#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level) void rb_add_method(klass, mid, node, noex) @@ -5717,12 +5719,16 @@ rb_call0(klass, recv, id, oid, argc, argv, body, flags) } b2 = body = body->nd_next; - PUSH_VARS(); - PUSH_TAG(PROT_FUNC); if (NOEX_SAFE(flags) > ruby_safe_level) { + if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) { + rb_raise(rb_eSecurityError, "calling insecure method: %s", + rb_id2name(id)); + } safe = ruby_safe_level; ruby_safe_level = NOEX_SAFE(flags); } + PUSH_VARS(); + PUSH_TAG(PROT_FUNC); if ((state = EXEC_TAG()) == 0) { NODE *node = 0; int i; @@ -8948,14 +8954,20 @@ method_call(argc, argv, method) { VALUE result = Qnil; /* OK */ struct METHOD *data; + int safe; Data_Get_Struct(method, struct METHOD, data); if (data->recv == Qundef) { rb_raise(rb_eTypeError, "can't call unbound method; bind first"); } + if (OBJ_TAINTED(method)) { + safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED; + } + else { + safe = data->safe_level; + } PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT); - result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body, - data->safe_level); + result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,safe); POP_ITER(); return result; } @@ -771,11 +771,12 @@ rb_f_sprintf(argc, argv) } sprint_exit: - /* XXX - We cannot validiate the number of arguments because - * the format string may contain `n$'-style argument selector. + /* XXX - We cannot validiate the number of arguments if (digit)$ style used. */ - if (RTEST(ruby_debug) && posarg >= 0 && nextarg < argc) { - rb_raise(rb_eArgError, "too many arguments for format string"); + if (posarg >= 0 && nextarg < argc) { + const char *mesg = "too many arguments for format string"; + if (RTEST(ruby_debug)) rb_raise(rb_eArgError, mesg); + if (RTEST(ruby_verbose)) rb_warn(mesg); } rb_str_resize(result, blen); |