* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen
  with a tainted name of library.
  Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.

* ext/dl/dl.c (rb_dlhandle_sym): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@23405 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
yugui committed May 11, 2009
1 parent 7269e3d commit 4600cf7
Showing 2 changed files with 13 additions and 3 deletions.
8 changes: 8 additions & 0 deletions ChangeLog
@@ -1,3 +1,11 @@
Mon May 11 23:14:06 2009 Yuki Sonoda (Yugui) <yugui@yugui.jp>

* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen
with a tainted name of library.
Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.

* ext/dl/dl.c (rb_dlhandle_sym): ditto

Mon May 11 22:33:46 2009 Yuki Sonoda (Yugui) <yugui@yugui.jp>

* ext/dl/lib/dl/func.rb (DL::Function#call): prevents
8 changes: 5 additions & 3 deletions ext/dl/handle.c
@@ -5,6 +5,8 @@
#include <ruby.h>
#include "dl.h"

#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v))

VALUE rb_cDLHandle;

void
@@ -56,11 +58,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self)
cflag = RTLD_LAZY | RTLD_GLOBAL;
break;
case 1:
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
cflag = RTLD_LAZY | RTLD_GLOBAL;
break;
case 2:
clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
cflag = NUM2INT(flag);
break;
default:
@@ -140,7 +142,7 @@ rb_dlhandle_sym(VALUE self, VALUE sym)

rb_secure(2);

name = StringValuePtr(sym);
name = SafeStringValuePtr(sym);

Data_Get_Struct(self, struct dl_handle, dlhandle);
if( ! dlhandle->open ){
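Review bot: `SafeStringValuePtr` in the first hunk taint-checks the Ruby string but then returns `RSTRING_PTR(v)`, so a name with an embedded NUL byte is checked as one string and, if it reaches `dlopen`/`dlsym` as the function names suggest (those calls are outside the visible hunks), is used as a shorter one. Ending the macro with the NUL-rejecting accessor closes that gap: `#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), rb_string_value_cstr(&v))`. The macro also expands `v` three times and takes its address, so it is only correct on a plain lvalue such as `lib` and `sym` here. A short comment above it saying so, and noting that `rb_check_safe_obj` performs the taint check after the `to_str` conversion, would help the next caller. Both `rb_dlhandle_initialize` and `rb_dlhandle_sym` start and end outside the hunks shown.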