summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormarcandre <marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-09-21 16:12:46 +0000
committermarcandre <marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-09-21 16:12:46 +0000
commitf91d6d91278029ce0d439425af4a80f2e2e854d6 (patch)
tree49bb373c918868e209898fa349a51cd09aedcd60
parent127fcb60fc9efdef066761290c0b9e28bfe3076a (diff)
downloadruby-f91d6d91278029ce0d439425af4a80f2e2e854d6.tar.gz
ruby-f91d6d91278029ce0d439425af4a80f2e2e854d6.tar.xz
ruby-f91d6d91278029ce0d439425af4a80f2e2e854d6.zip
* ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@25017 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--ext/openssl/ossl_config.c10
2 files changed, 15 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 426c60bac..f632ab6dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Sep 22 01:10:02 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca>
+
+ * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section):
+ Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
+
Mon Sep 21 17:12:10 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* proc.c (proc_binding): allow proc from method. [ruby-core:25589]
diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c
index bbd497503..aac51f9f5 100644
--- a/ext/openssl/ossl_config.c
+++ b/ext/openssl/ossl_config.c
@@ -192,10 +192,19 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
#endif
}
+static void
+rb_ossl_config_modify_check(VALUE config)
+{
+ if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config");
+ if (!OBJ_UNTRUSTED(config) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config");
+}
+
#if !defined(OSSL_NO_CONF_API)
static VALUE
ossl_config_add_value_m(VALUE self, VALUE section, VALUE name, VALUE value)
{
+ rb_ossl_config_modify_check(self);
return ossl_config_add_value(self, section, name, value);
}
#else
@@ -257,6 +266,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash)
{
VALUE arg[2];
+ rb_ossl_config_modify_check(self);
arg[0] = self;
arg[1] = section;
rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg);
generated by cgit (git 2.34.1) at 2026-01-05 20:21:23 +0000