Permalink
Browse files

keep the Object's status of untrusted

  • Loading branch information...
Watson1978 committed Jul 28, 2012
1 parent 119768c commit 525387e0dfc8f0c2469f0896751f9c7c7e4cd867
Showing with 21 additions and 0 deletions.
  1. +21 −0 marshal.c
View
@@ -137,6 +137,7 @@ struct dump_arg {
st_table *symbols;
st_table *data;
int taint;
+ int untrust;
st_table *compat_tbl;
VALUE wrapper;
st_table *encodings;
@@ -194,6 +195,9 @@ w_nbyte(const char *s, int n, struct dump_arg *arg)
if (arg->taint) {
OBJ_TAINT(buf);
}
+ if (arg->untrust) {
+ OBJ_UNTRUST(buf);
+ }
rb_io_write(arg->dest, buf);
rb_str_resize(buf, 0);
}
@@ -642,6 +646,9 @@ w_object(VALUE obj, struct dump_arg *arg, int limit)
if (OBJ_TAINTED(obj)) {
arg->taint = Qtrue;
}
+ if (OBJ_UNTRUSTED(obj)) {
+ arg->untrust = Qtrue;
+ }
if (rb_respond_to(obj, s_mdump)) {
volatile VALUE v;
@@ -890,6 +897,9 @@ dump_ensure(struct dump_arg *arg)
if (arg->taint) {
OBJ_TAINT(arg->str);
}
+ if (arg->untrust) {
+ OBJ_UNTRUST(arg->str);
+ }
return 0;
}
@@ -975,6 +985,7 @@ marshal_dump(VALUE self, SEL sel, int argc, VALUE *argv)
GC_WB(&arg->symbols, st_init_numtable());
GC_WB(&arg->data, st_init_numtable());
arg->taint = Qfalse;
+ arg->untrust = Qfalse;
GC_WB(&arg->compat_tbl, st_init_numtable());
GC_WB(&arg->wrapper, Data_Wrap_Struct(rb_cData, NULL, 0, arg));
arg->encodings = 0;
@@ -1005,6 +1016,7 @@ struct load_arg {
st_table *data;
VALUE proc;
int taint;
+ int untrust;
st_table *compat_tbl;
VALUE wrapper;
};
@@ -1135,6 +1147,9 @@ r_bytes0(long len, struct load_arg *arg)
if (OBJ_TAINTED(str)) {
arg->taint = Qtrue;
}
+ if (OBJ_UNTRUSTED(str)) {
+ arg->untrust = Qtrue;
+ }
}
return str;
}
@@ -1205,6 +1220,11 @@ r_entry(VALUE v, struct load_arg *arg)
if ((VALUE)real_obj != Qundef)
OBJ_TAINT((VALUE)real_obj);
}
+ if (arg->untrust) {
+ OBJ_UNTRUST(v);
+ if ((VALUE)real_obj != Qundef)
+ OBJ_UNTRUST((VALUE)real_obj);
+ }
return v;
}
@@ -1738,6 +1758,7 @@ marshal_load(VALUE self, SEL sel, int argc, VALUE *argv)
else {
rb_raise(rb_eTypeError, "instance of IO needed");
}
+ arg->untrust = OBJ_UNTRUSTED(port);
GC_WB(&arg->src, port);
arg->offset = 0;
GC_WB(&arg->symbols, st_init_numtable());

0 comments on commit 525387e

Please sign in to comment.