diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | ext/openssl/ossl_config.c | 9 | ||||
| -rw-r--r-- | test/openssl/test_config.rb | 15 | ||||
| -rw-r--r-- | version.h | 2 |
4 files changed, 30 insertions, 1 deletions
@@ -1,3 +1,8 @@ +Tue Sep 22 01:10:02 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca> + + * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): + Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377] + Sun Sep 20 11:11:34 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca> * struct.c (rb_struct_equal, rb_struct_eql): Handle comparison of diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index cfc650d69..13607c2af 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -192,6 +192,14 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) #endif } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_UNTRUSTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + static VALUE ossl_config_get_value(VALUE self, VALUE section, VALUE name) { @@ -247,6 +255,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash) { VALUE arg[2]; + rb_ossl_config_modify_check(self); arg[0] = self; arg[1] = section; rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg); diff --git a/test/openssl/test_config.rb b/test/openssl/test_config.rb new file mode 100644 index 000000000..9578bb254 --- /dev/null +++ b/test/openssl/test_config.rb @@ -0,0 +1,15 @@ +require 'openssl' +require "test/unit" + +class OpenSSL::TestConfig < Test::Unit::TestCase + def test_freeze + c = OpenSSL::Config.new + c['foo'] = [['key', 'value']] + c.freeze + + # [ruby-core:18377] + assert_raise(RuntimeError, /frozen/) do + c['foo'] = [['key', 'wrong']] + end + end +end @@ -1,5 +1,5 @@ #define RUBY_VERSION "1.9.1" -#define RUBY_PATCHLEVEL 346 +#define RUBY_PATCHLEVEL 347 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 9 #define RUBY_VERSION_TEENY 1 |