yarv-diff:331
From: ko1 atdot.net
Date: 17 May 2006 07:48:35 -0000
Subject: [yarv-diff:331] r498 - in trunk: . ext/racc/cparse
Author: matz
Date: 2006-05-17 16:48:35 +0900 (Wed, 17 May 2006)
New Revision: 498
Modified:
trunk/ChangeLog
trunk/dir.c
trunk/ext/racc/cparse/Makefile
trunk/re.c
Log:
security backport from 1.9
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2006-05-07 12:20:19 UTC (rev 497)
+++ trunk/ChangeLog 2006-05-17 07:48:35 UTC (rev 498)
@@ -4,6 +4,21 @@
# from Mon, 03 May 2004 01:24:19 +0900
#
+2006-05-17(Wed) 16:41:41 +900 Yukihiro Matsumoto <matz ruby-lang.org>
+
+ * re.c (rb_reg_initialize): should not allow modifying literal
+ regexps. frozen check moved from rb_reg_initialize_m as well.
+
+ * re.c (rb_reg_initialize): should not modify untainted objects in
+ safe levels higher than 3.
+
+ * re.c (rb_memcmp): type change from char* to const void*.
+
+ * dir.c (dir_close): should not close untainted dir stream.
+
+ * dir.c (GetDIR): add tainted/frozen check for each dir operation.
+
+
2006-05-07(Sun) 21:06:28 +0900 Koichi Sasada <ko1 atdot.net>
* thread.c : remove Mutex#unlock_and_stop and add Mutex#sleep
Modified: trunk/dir.c
===================================================================
--- trunk/dir.c 2006-05-07 12:20:19 UTC (rev 497)
+++ trunk/dir.c 2006-05-17 07:48:35 UTC (rev 498)
@@ -441,7 +441,16 @@
rb_raise(rb_eIOError, "closed directory");
}
+static void
+dir_check(VALUE dir)
+{
+ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
+ rb_check_frozen(dir);
+}
+
#define GetDIR(obj, dirp) do {\
+ dir_check(dir);\
Data_Get_Struct(obj, struct dir_data, dirp);\
if (dirp->dir == NULL) dir_closed();\
} while (0)
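Review bot: The added `dir_check(dir);` inside `GetDIR(obj, dirp)` names `dir` instead of the macro parameter `obj`, so the taint/frozen check runs on whatever variable called `dir` is in scope at the expansion site. It only compiles where the caller has a local named `dir`. A caller that passes a differently named object would get the check applied to the wrong value while `Data_Get_Struct(obj, ...)` unwraps another. Change the line to `dir_check(obj);\` so both refer to the same object. In `dir_check` itself, bracing the `if` body would make it obvious that `rb_check_frozen(dir)` is unconditional.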
@@ -647,6 +656,9 @@
{
struct dir_data *dirp;
+ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
GetDIR(dir, dirp);
rewinddir(dirp->dir);
return dir;
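Review bot: The added safe-level check raises "Insecure: can't close", but the visible body calls `rewinddir(dirp->dir)`, so this appears to be the rewind path rather than `dir_close` as the ChangeLog entry says. The function header is outside the hunk, so that is inferred. The check also repeats what `GetDIR` now does through `dir_check` on the very next line, with a different message. Either drop the three lines and rely on `GetDIR`, or change the message to something like `"Insecure: can't rewind"`. It is also worth confirming that the close path actually received the check the ChangeLog describes.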
Modified: trunk/ext/racc/cparse/Makefile
===================================================================
--- trunk/ext/racc/cparse/Makefile 2006-05-07 12:20:19 UTC (rev 497)
+++ trunk/ext/racc/cparse/Makefile 2006-05-17 07:48:35 UTC (rev 498)
@@ -7,7 +7,7 @@
topdir = ../../..
hdrdir = $(topdir)/.
VPATH = $(srcdir):$(topdir):$(hdrdir)
-prefix = $(DESTDIR)/home/aamine/tmp/yarv
+prefix = $(DESTDIR)/usr/local
exec_prefix = $(prefix)
sitedir = $(prefix)/lib/ruby/site_ruby
rubylibdir = $(libdir)/ruby/$(ruby_version)
@@ -34,7 +34,7 @@
LIBRUBYARG_SHARED = -Wl,-R -Wl,$(libdir) -L$(libdir) -L.
LIBRUBYARG_STATIC = -l$(RUBY_SO_NAME)-static
-CFLAGS = -fPIC -g -O2 -Wall
+CFLAGS = -fPIC -g -O2
CPPFLAGS = -I. -I$(topdir) -I$(hdrdir) -I$(srcdir)
CXXFLAGS = $(CFLAGS) -g -O2
DLDFLAGS =
@@ -45,8 +45,8 @@
RUBY_INSTALL_NAME = ruby
RUBY_SO_NAME = ruby
-arch = x86_64-linux
-sitearch = x86_64-linux
+arch = i686-linux
+sitearch = i686-linux
ruby_version = 2.0
ruby = $(topdir)/miniruby -I'$(topdir)' -I'$(hdrdir)/lib'
RUBY = $(ruby)
Modified: trunk/re.c
===================================================================
--- trunk/re.c 2006-05-07 12:20:19 UTC (rev 497)
+++ trunk/re.c 2006-05-17 07:48:35 UTC (rev 498)
@@ -76,8 +76,9 @@
#endif
int
-rb_memcicmp(char *p1, char *p2, long len)
+rb_memcicmp(const void *x, const void *y, long len)
{
+ const unsigned char *p1 = x, *p2 = y;
int tmp;
while (len--) {
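Review bot: `len` stays a signed `long` and the loop is `while (len--)`, so a negative length would read far past both buffers. The same parameter is passed to `memcmp(p1, p2, len)` in `rb_memcmp` in the next hunk, where it converts to a very large `size_t`. Since both signatures are being changed anyway, state the precondition above each function, e.g. `/* len must be >= 0 */`. Whether any caller can pass a negative length is not visible here, and the body of `rb_memcicmp` continues outside the hunk.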
@@ -88,7 +89,7 @@
}
int
-rb_memcmp(char *p1, char *p2, long len)
+rb_memcmp(const void *p1, const void *p2, long len)
{
if (!ruby_ignorecase) {
return memcmp(p1, p2, len);
@@ -97,10 +98,10 @@
}
long
-rb_memsearch(char *x0, long m, char *y0, long n)
+rb_memsearch(const void *x0, long m, const void *y0, long n)
{
- unsigned char *x = (unsigned char *)x0, *y = (unsigned char *)y0;
- unsigned char *s, *e;
+ const unsigned char *x = x0, *y = y0;
+ const unsigned char *s, *e;
long i;
int d;
unsigned long hx, hy;
@@ -151,7 +152,9 @@
return s-y;
}
+#define REG_LITERAL FL_USER5
#define REG_CASESTATE FL_USER0
+
#define KCODE_NONE 0
#define KCODE_EUC FL_USER1
#define KCODE_SJIS FL_USER2
@@ -167,10 +170,8 @@
#define ARG_KCODE_UTF8 (ARG_KCODE_UNIT * 4)
#define ARG_KCODE_MASK (ARG_KCODE_UNIT * 7)
-
static int reg_kcode = DEFAULT_KCODE;
-
static int char_to_option(int c)
{
int val;
@@ -920,7 +921,7 @@
if (r != 0) {
(void )onig_error_code_to_str((UChar*)err, r, &einfo);
- rb_reg_raise(pattern, RREGEXP(re)->len, err, re, Qfalse);
+ rb_reg_raise((char*)pattern, RREGEXP(re)->len, err, re, Qfalse);
}
}
}
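Review bot: The `(char*)pattern` cast hides a qualifier mismatch instead of fixing it. If `pattern` is now `const` (its declaration is outside the hunk), the cast discards that qualifier at the call to `rb_reg_raise`. It would match the other const-correctness changes in this commit to make the first parameter of `rb_reg_raise` a `const char *` and keep the call as `rb_reg_raise(pattern, RREGEXP(re)->len, err, re, Qfalse);`.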
@@ -1243,12 +1244,12 @@
}
static int
-name_to_backref_number(struct re_registers *regs, VALUE regexp, char* name, char* name_end)
+name_to_backref_number(struct re_registers *regs, VALUE regexp, const char* name, const char* name_end)
{
int num;
num = onig_name_to_backref_number(RREGEXP(regexp)->ptr,
- (unsigned char* )name, (unsigned char* )name_end, regs);
+ (const unsigned char* )name, (const unsigned char* )name_end, regs);
if (num >= 1) {
return num;
}
@@ -1297,7 +1298,7 @@
}
}
else {
- char *p;
+ const char *p;
int num;
switch (TYPE(idx)) {
@@ -1332,6 +1333,8 @@
/*
* call-seq:
+ if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: can't modify regexp");
* mtch.select([index]*) => array
*
* Uses each <i>index</i> to access the matching values, returning an array of
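Review bot: The two added lines sit inside the `/* call-seq:` documentation comment, between `call-seq:` and `mtch.select([index]*) => array`, so this taint check is never compiled. The code text also becomes part of the method's documentation. It looks like a misapplied hunk, since the identical check is added to the function operating on `obj` in the following hunk. Remove both lines so the comment again reads `* call-seq:` followed directly by `* mtch.select([index]*) => array`.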
@@ -1433,6 +1436,11 @@
{
struct RRegexp *re = RREGEXP(obj);
+ if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: can't modify regexp");
+ rb_check_frozen(obj);
+ if (FL_TEST(obj, REG_LITERAL))
+ rb_raise(rb_eSecurityError, "can't modify literal regexp");
if (re->ptr) onig_free(re->ptr);
if (re->str) free(re->str);
re->ptr = 0;
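Review bot: The three new guards have no comment explaining why the literal check applies at every safe level while the taint check applies only at `rb_safe_level() >= 4`. A one-line comment above `if (FL_TEST(obj, REG_LITERAL))`, such as `/* literal regexps are never re-initialized, regardless of safe level */`, would record that intent. The flag is set by `if (ce) FL_SET(obj, REG_LITERAL);` in the next hunk, where the meaning of `ce` is not explained either and deserves a short comment. `REG_LITERAL` is defined as `FL_USER5`, and only `FL_USER0` to `FL_USER2` are visible in this diff, so it is worth confirming that no other Regexp flag already uses that bit. The enclosing function starts and ends outside the hunk.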
@@ -1455,6 +1463,7 @@
if (options & ARG_KCODE_MASK) {
kcode_reset_option();
}
+ if (ce) FL_SET(obj, REG_LITERAL);
}
static VALUE
@@ -1756,7 +1765,6 @@
long len;
int flags = 0;
- rb_check_frozen(self);
if (argc == 0 || argc > 3) {
rb_raise(rb_eArgError, "wrong number of arguments");
}