Commit 339e11a

committed
merge revision(s): 53153 and 23405@ruby_1_9_1
* ext/fiddle/handle.c: check tainted string arguments. Patch provided by tenderlove and nobu. * test/fiddle/test_handle.rb (class TestHandle): add test for above. * ext/dl/handle.c (rb_dlhandle_initialize): prohibits DL::dlopen with a tainted name of library. Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>. * ext/dl/handle.c (rb_dlhandle_sym): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@53156 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
1 parent 7abafeb commit 339e11a

4 files changed

+43
-8
lines changed


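--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+Wed Dec 16 21:10:03 2015 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
+
+* ext/fiddle/handle.c: check tainted string arguments.
+Patch provided by tenderlove and nobu.
+
+* test/fiddle/test_handle.rb (class TestHandle): add test for above.
+
+Wed Dec 16 21:10:36 2015 Yuki Sonoda (Yugui) <yugui@yugui.jp>
+
+* ext/dl/handle.c (rb_dlhandle_initialize): prohibits DL::dlopen
+with a tainted name of library.
+Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.
+
+* ext/dl/handle.c (rb_dlhandle_sym): ditto
+
 Wed Dec 16 16:13:04 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
 
 * io.c (parse_mode_enc): fix buffer overflow.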

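--- a/ext/fiddle/handle.c
+++ b/ext/fiddle/handle.c
@@ -1,6 +1,8 @@
 #include <ruby.h>
 #include <fiddle.h>
 
+#define SafeStringValueCStr(v) (rb_check_safe_obj(rb_string_value(&v)), StringValueCStr(v))
+
 VALUE rb_cHandle;
 
 struct dl_handle {
@@ -143,11 +145,11 @@ rb_fiddle_handle_initialize(int argc, VALUE argv[], VALUE self)
 cflag = RTLD_LAZY | RTLD_GLOBAL;
 break;
 case 1:
-clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
 cflag = RTLD_LAZY | RTLD_GLOBAL;
 break;
 case 2:
-clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
 cflag = NUM2INT(flag);
 break;
 default:
@@ -263,7 +265,7 @@ rb_fiddle_handle_to_i(VALUE self)
 return PTR2NUM(fiddle_handle);
 }
 
-static VALUE fiddle_handle_sym(void *handle, const char *symbol);
+static VALUE fiddle_handle_sym(void *handle, VALUE symbol);
 
 /*
 * Document-method: sym
@@ -282,7 +284,7 @@ rb_fiddle_handle_sym(VALUE self, VALUE sym)
 rb_raise(rb_eFiddleError, "closed handle");
 }
 
-return fiddle_handle_sym(fiddle_handle->ptr, StringValueCStr(sym));
+return fiddle_handle_sym(fiddle_handle->ptr, sym);
 }
 
 #ifndef RTLD_NEXT
@@ -305,11 +307,11 @@ rb_fiddle_handle_sym(VALUE self, VALUE sym)
 static VALUE
 rb_fiddle_handle_s_sym(VALUE self, VALUE sym)
 {
-return fiddle_handle_sym(RTLD_NEXT, StringValueCStr(sym));
+return fiddle_handle_sym(RTLD_NEXT, sym);
 }
 
 static VALUE
-fiddle_handle_sym(void *handle, const char *name)
+fiddle_handle_sym(void *handle, VALUE symbol)
 {
 #if defined(HAVE_DLERROR)
 const char *err;
@@ -318,6 +320,7 @@ fiddle_handle_sym(void *handle, const char *name)
 # define CHECK_DLERROR
 #endif
 void (*func)();
+const char *name = SafeStringValueCStr(symbol);
 
 rb_secure(2);
 #ifdef HAVE_DLERROR
@@ -367,7 +370,7 @@ fiddle_handle_sym(void *handle, const char *name)
 }
 #endif
 if( !func ){
-rb_raise(rb_eFiddleError, "unknown symbol \"%s\"", name);
+rb_raise(rb_eFiddleError, "unknown symbol \"%"PRIsVALUE"\"", symbol);
 }
 
 return PTR2NUM(func);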
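Review bot: The `SafeStringValueCStr(v)` macro added in the first hunk expands `v` twice and takes its address, so it is only correct for a side-effect-free `VALUE` lvalue; the call sites in `rb_fiddle_handle_initialize` and `fiddle_handle_sym` (both only partly visible here) satisfy that, but nothing on the define says so. It also bundles two checks a later reader could miss: as I read `rb_check_safe_obj`, it raises only for a tainted object when `$SAFE` is above 0 (the new tests set `$SAFE = 1`), and moving from `StringValuePtr` to `StringValueCStr` means a library name with an embedded NUL is now rejected too. I would add a comment above the define, for example `/* v must be a VALUE lvalue; raises SecurityError for a tainted string when $SAFE > 0, ArgumentError on an embedded NUL */`. Separately, the ChangeLog entry lists `ext/dl/handle.c`, but no ext/dl diff appears among the four files on this page, so it is worth confirming that the DL path on this branch already carries the equivalent check.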

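--- a/test/fiddle/test_handle.rb
+++ b/test/fiddle/test_handle.rb
@@ -10,6 +10,23 @@ class TestHandle < TestCase
 
 include Test::Unit::Assertions
 
+def test_safe_handle_open
+t = Thread.new do
+$SAFE = 1
+Fiddle::Handle.new(LIBC_SO.taint)
+end
+assert_raise(SecurityError) { t.value }
+end
+
+def test_safe_function_lookup
+t = Thread.new do
+h = Fiddle::Handle.new(LIBC_SO)
+$SAFE = 1
+h["qsort".taint]
+end
+assert_raise(SecurityError) { t.value }
+end
+
 def test_to_i
 handle = Fiddle::Handle.new(LIBC_SO)
 assert_kind_of Integer, handle.to_i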
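Review bot: `LIBC_SO.taint` in `test_safe_handle_open` taints the shared constant itself, because `taint` marks its receiver rather than a copy, so every test that runs later in the same process sees a tainted `LIBC_SO`. That is harmless today only because the other tests run at `$SAFE` 0 or, as in `test_safe_function_lookup`, open the handle before raising the level; `Fiddle::Handle.new(LIBC_SO.dup.taint)` keeps the test self-contained. The new cases also leave two changed paths unexercised: the two-argument form of `Handle.new` and the singleton lookup backed by `rb_fiddle_handle_s_sym`, both of which now go through the taint check.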

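--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.1.8"
 #define RUBY_RELEASE_DATE "2015-12-16"
-#define RUBY_PATCHLEVEL 438
+#define RUBY_PATCHLEVEL 439
 
 #define RUBY_RELEASE_YEAR 2015
 #define RUBY_RELEASE_MONTH 12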
