merges r25017 from trunk into ruby_1_9_1 and a test for it.

--
* ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
--
* test/openssl/test_config.rb (OpenSSL::TestConfig): new test case.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_1@25945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 9 insertions, 0 deletions

diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c
index cfc650d69..13607c2af 100644
--- a/ext/openssl/ossl_config.c
+++ b/ext/openssl/ossl_config.c
@@ -192,6 +192,14 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value)
 #endif
 }
 
+static void
+rb_ossl_config_modify_check(VALUE config)
+{
+    if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config");
+    if (!OBJ_UNTRUSTED(config) && rb_safe_level() >= 4)
+	rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config");
+}
+
 static VALUE
 ossl_config_get_value(VALUE self, VALUE section, VALUE name)
 {
@@ -247,6 +255,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash)
 {
     VALUE arg[2];
 
+    rb_ossl_config_modify_check(self);
     arg[0] = self;
     arg[1] = section;
     rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg);