author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-09-20 16:49:26 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-09-20 16:49:26 +0000 |
commit | c8d1c38a8fc4e638bade6493a0dd4758a62d85a2 (patch) | |
tree | f6e0588d039715d3f4ab4c9f42352fae5e344aa0 | |
parent | 05d94d5f4e23b0ee90d1eecbb5da655d5924d268 (diff) | |
download | ruby-c8d1c38a8fc4e638bade6493a0dd4758a62d85a2.tar.gz |
* eval.c (rb_call0): wrong condition for $SAFE restoration.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@9254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | eval.c | 22 | ||||
-rw-r--r-- | version.h | 8 |
2 files changed, 21 insertions, 9 deletions
@@ -242,8 +242,10 @@ rb_clear_cache_by_class(klass) } } -#define NOEX_WITH_SAFE(n) ((n) | ruby_safe_level << 4) +#define NOEX_TAINTED 8 #define NOEX_SAFE(n) ((n) >> 4) +#define NOEX_WITH(n, v) ((n) | (v) << 4) +#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level) void rb_add_method(klass, mid, node, noex) @@ -4468,12 +4470,16 @@ rb_call0(klass, recv, id, argc, argv, body, flags) } b2 = body = body->nd_next; - PUSH_VARS(); - PUSH_TAG(PROT_FUNC); if (NOEX_SAFE(flags) > ruby_safe_level) { + if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) { + rb_raise(rb_eSecurityError, "calling insecure method: %s", + rb_id2name(id)); + } safe = ruby_safe_level; ruby_safe_level = NOEX_SAFE(flags); } + PUSH_VARS(); + PUSH_TAG(PROT_FUNC); if ((state = EXEC_TAG()) == 0) { NODE *node = 0; int i; @@ -6756,11 +6762,17 @@ method_call(argc, argv, method) { VALUE result; struct METHOD *data; + int safe; Data_Get_Struct(method, struct METHOD, data); + if (OBJ_TAINTED(method)) { + safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED; + } + else { + safe = data->safe_level; + } PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT); - result = rb_call0(data->klass,data->recv,data->id,argc,argv,data->body, - data->safe_level); + result = rb_call0(data->klass,data->recv,data->id,argc,argv,data->body,safe); POP_ITER(); return result; } @@ -1,11 +1,11 @@ #define RUBY_VERSION "1.6.8" -#define RUBY_RELEASE_DATE "2005-09-01" +#define RUBY_RELEASE_DATE "2005-09-21" #define RUBY_VERSION_CODE 168 -#define RUBY_RELEASE_CODE 20050901 +#define RUBY_RELEASE_CODE 20050921 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 6 #define RUBY_VERSION_TEENY 8 #define RUBY_RELEASE_YEAR 2005 -#define RUBY_RELEASE_MONTH 9 -#define RUBY_RELEASE_DAY 1 +#define RUBY_RELEASE_MONTH 09 +#define RUBY_RELEASE_DAY 21 |
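Review bot: The new `NOEX_WITH(n, v)` macro ORs `v << 4` into `n` without clearing a level already stored there, and nothing at the definition says so. The method_call hunk applies it as `NOEX_WITH(data->safe_level, 4)` to a value the old code passed straight to rb_call0 as `flags`, so it presumably already carries a level; a stored level of 1 would then decode through `NOEX_SAFE` as 5, not 4. The bit layout is also implicit, since `NOEX_TAINTED 8` only works while every flag stays below the `<< 4` boundary. A comment above the macros would cover both, for example `/* bits 0-3: method flags incl. NOEX_TAINTED; bits 4+: safe level. NOEX_WITH ORs v in and does not replace an existing level */`.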
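Review bot: The new SecurityError guard in rb_call0 fires only when `ruby_safe_level == 0`, so a caller at level 1 or 2 still falls through to the unchanged lines that raise `ruby_safe_level` to the method's recorded level. The literals `0` and `2` carry the whole policy and nothing explains them. If that is the intent, a comment above the `if` would make it reviewable, for example `/* refuse an untainted call from $SAFE 0 into a body recorded at level 3 or higher; NOEX_TAINTED marks calls already forced to level 4 by method_call */`. Moving `PUSH_VARS()`/`PUSH_TAG(PROT_FUNC)` below the block looks deliberate, so that `rb_raise` runs before this frame's tag is pushed, and it deserves a one-line comment so a later edit does not move it back. The code that restores `safe` lies outside the hunk, so the restoration named in the commit message cannot be checked from here.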
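Review bot: The new local `int safe` in method_call holds an encoded flags word (`NOEX_WITH(...)|NOEX_TAINTED`), not a safe level, and it is passed as the `flags` argument of rb_call0. The name invites confusion with the `safe` variable in rb_call0, which does hold a level; `flags` or `noex` would read better. The tainted branch is the only place in this diff that sets `NOEX_TAINTED`, the bit that exempts a call from the new SecurityError. That trade-off should be recorded next to the `OBJ_TAINTED(method)` test, for example `/* a tainted Method is not rejected; it is run at level 4 and flagged so rb_call0 skips the insecure-method check */`.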
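Review bot: `#define RUBY_RELEASE_MONTH 09` in version.h is not a valid integer constant in C, because a leading `0` makes it octal and `9` is not an octal digit. The line it replaces used `9`. Any consumer that expands the macro in an expression or an `#if` would fail to compile, though no such use is visible here. `#define RUBY_RELEASE_MONTH 9` keeps the previous form.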