From 59177e063dbc690baccc008a16b05f9cb2a37aae Mon Sep 17 00:00:00 2001 From: yugui Date: Mon, 11 May 2009 15:07:10 +0000 Subject: * ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen with a tainted name of library. Patch by sheepman . * ext/dl/dl.c (rb_dlhandle_sym): ditto git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_1@23405 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 8 ++++++++ ext/dl/handle.c | 8 +++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1de38d363..9bacb4012 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +Mon May 11 23:14:06 2009 Yuki Sonoda (Yugui) + + * ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen + with a tainted name of library. + Patch by sheepman . + + * ext/dl/dl.c (rb_dlhandle_sym): ditto + Mon May 11 22:33:46 2009 Yuki Sonoda (Yugui) * ext/dl/lib/dl/func.rb (DL::Function#call): prevents diff --git a/ext/dl/handle.c b/ext/dl/handle.c index ee3c64498..d72f725fb 100644 --- a/ext/dl/handle.c +++ b/ext/dl/handle.c @@ -5,6 +5,8 @@ #include #include "dl.h" +#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v)) + VALUE rb_cDLHandle; void @@ -56,11 +58,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self) cflag = RTLD_LAZY | RTLD_GLOBAL; break; case 1: - clib = NIL_P(lib) ? NULL : StringValuePtr(lib); + clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib); cflag = RTLD_LAZY | RTLD_GLOBAL; break; case 2: - clib = NIL_P(lib) ? NULL : StringValuePtr(lib); + clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib); cflag = NUM2INT(flag); break; default: @@ -140,7 +142,7 @@ rb_dlhandle_sym(VALUE self, VALUE sym) rb_secure(2); - name = StringValuePtr(sym); + name = SafeStringValuePtr(sym); Data_Get_Struct(self, struct dl_handle, dlhandle); if( ! dlhandle->open ){ -- cgit