Skip to content
Permalink
Browse files

* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen

  with a tainted name of library.
  Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.

* ext/dl/dl.c (rb_dlhandle_sym): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@23405 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
  • Loading branch information...
yugui committed May 11, 2009
1 parent 7269e3d commit 4600cf725a86ce31266153647ae5aa1197b1215b
Showing with 13 additions and 3 deletions.
  1. +8 −0 ChangeLog
  2. +5 −3 ext/dl/handle.c
@@ -1,3 +1,11 @@
Mon May 11 23:14:06 2009 Yuki Sonoda (Yugui) <yugui@yugui.jp>

* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen
with a tainted name of library.
Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.

* ext/dl/dl.c (rb_dlhandle_sym): ditto

Mon May 11 22:33:46 2009 Yuki Sonoda (Yugui) <yugui@yugui.jp>

* ext/dl/lib/dl/func.rb (DL::Function#call): prevents
@@ -5,6 +5,8 @@
#include <ruby.h>
#include "dl.h"

#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v))

VALUE rb_cDLHandle;

void
@@ -56,11 +58,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self)
cflag = RTLD_LAZY | RTLD_GLOBAL;
break;
case 1:
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
cflag = RTLD_LAZY | RTLD_GLOBAL;
break;
case 2:
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
cflag = NUM2INT(flag);
break;
default:
@@ -140,7 +142,7 @@ rb_dlhandle_sym(VALUE self, VALUE sym)

rb_secure(2);

name = StringValuePtr(sym);
name = SafeStringValuePtr(sym);

Data_Get_Struct(self, struct dl_handle, dlhandle);
if( ! dlhandle->open ){

0 comments on commit 4600cf7

Please sign in to comment.
You can’t perform that action at this time.