Blame ruby-1.8.4-fix-insecure-dir-operation.patch
diff -ruN ruby-1.8.4.orig/dir.c ruby-1.8.4/dir.c
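--- ruby-1.8.4.orig/dir.c 2005-09-14 22:40:58.000000000 +0900
+++ ruby-1.8.4/dir.c 2006-07-19 22:14:05.000000000 +0900
@@ -325,7 +325,17 @@
 rb_raise(rb_eIOError, "closed directory");
 }
 
+static void
+dir_check(dir)
+ VALUE dir;
+{
+ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
+ rb_check_frozen(dir);
+}
+
 #define GetDIR(obj, dirp) do {\
+ dir_check(dir);\
 Data_Get_Struct(obj, struct dir_data, dirp);\
 if (dirp->dir == NULL) dir_closed();\
 } while (0)
@@ -536,6 +546,9 @@
 {
 struct dir_data *dirp;
 
+ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
 GetDIR(dir, dirp);
 closedir(dirp->dir);
 dirp->dir = NULL;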
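Review bot: The line added to `GetDIR` calls `dir_check(dir)`, which names whatever `dir` is in scope at the expansion site, not the macro parameter `obj`. The taint and frozen checks therefore only guard the right object when the caller's variable happens to be called `dir`; any other call site would fail to compile or, worse, check a different object than the one `Data_Get_Struct` unwraps. The line should read `dir_check(obj);\`. In the second hunk the explicit `rb_safe_level() >= 4 && !OBJ_TAINTED(dir)` test repeats the condition `dir_check` already enforces through the `GetDIR` call that follows, so its only effect is the different message; a comment such as `/* kept for the close-specific error message */` would make that intent clear. The function enclosing the second hunk starts and ends outside the visible lines, and call sites that reach `struct dir_data` without `GetDIR` (none are shown here) would not get the new check.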