From 54455c239709e3f7719ab65777af3d71fc3c7331 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 9 Sep 2005 13:15:16 +0000
Subject: * eval.c (rb_call0): prohibit calling tainted method (>2) when  
 $SAFE == 0.

* sprintf.c (rb_f_sprintf): warn "too many argument" on verbose
  mode (-v/-w); backported from 1.9.  [ruby-dev:26963]


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@9108 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog |  5 +++++
 eval.c    | 22 +++++++++++++++++-----
 sprintf.c |  9 +++++----
 3 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0b912b635..d028e3a96 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Fri Sep  9 22:13:19 2005  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* eval.c (rb_call0): prohibit calling tainted method (>2) when
+	  $SAFE == 0.
+
 Fri Sep  9 16:45:25 2005  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* string.c (rb_str_times): make empty strings to keep taintness,
diff --git a/eval.c b/eval.c
index e305a3b82..ebb91e5cb 100644
--- a/eval.c
+++ b/eval.c
@@ -363,8 +363,10 @@ static ID init, eqq, each, aref, aset, match, missing;
 static ID added, singleton_added;
 static ID __id__, __send__, respond_to;
 
-#define NOEX_WITH_SAFE(n) ((n) | ruby_safe_level << 4)
+#define NOEX_TAINTED 8
 #define NOEX_SAFE(n) ((n) >> 4)
+#define NOEX_WITH(n, v) ((n) | (v) << 4)
+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
 
 void
 rb_add_method(klass, mid, node, noex)
@@ -5717,12 +5719,16 @@ rb_call0(klass, recv, id, oid, argc, argv, body, flags)
 	    }
 	    b2 = body = body->nd_next;
 
-	    PUSH_VARS();
-	    PUSH_TAG(PROT_FUNC);
 	    if (NOEX_SAFE(flags) > ruby_safe_level) {
+		if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+		    rb_raise(rb_eSecurityError, "calling insecure method: %s",
+			     rb_id2name(id));
+		}
 		safe = ruby_safe_level;
 		ruby_safe_level = NOEX_SAFE(flags);
 	    }
+	    PUSH_VARS();
+	    PUSH_TAG(PROT_FUNC);
 	    if ((state = EXEC_TAG()) == 0) {
 		NODE *node = 0;
 		int i;
@@ -8948,14 +8954,20 @@ method_call(argc, argv, method)
 {
     VALUE result = Qnil;	/* OK */
     struct METHOD *data;
+    int safe;
 
     Data_Get_Struct(method, struct METHOD, data);
     if (data->recv == Qundef) {
 	rb_raise(rb_eTypeError, "can't call unbound method; bind first");
     }
+    if (OBJ_TAINTED(method)) {
+        safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
+    }
+    else {
+	safe = data->safe_level;
+    }
     PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
-    result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,
-		      data->safe_level);
+    result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,safe);
     POP_ITER();
     return result;
 }
diff --git a/sprintf.c b/sprintf.c
index acfbf64d5..9f4d8e404 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -771,11 +771,12 @@ rb_f_sprintf(argc, argv)
     }
 
   sprint_exit:
-    /* XXX - We cannot validiate the number of arguments because
-     *       the format string may contain `n$'-style argument selector.
+    /* XXX - We cannot validiate the number of arguments if (digit)$ style used.
      */
-    if (RTEST(ruby_debug) && posarg >= 0 && nextarg < argc) {
-	rb_raise(rb_eArgError, "too many arguments for format string");
+    if (posarg >= 0 && nextarg < argc) {
+	const char *mesg = "too many arguments for format string";
+	if (RTEST(ruby_debug)) rb_raise(rb_eArgError, mesg);
+	if (RTEST(ruby_verbose)) rb_warn(mesg);
     }
     rb_str_resize(result, blen);
 
-- 
cgit