ruby/ruby-1.8.4-fix-insecure-dir-operation.patch
Akira TAGOH f0df5e45d5 - security fixes.
- ruby-1.8.4-fix-insecure-dir-operation.patch:
- ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
    operations in the certain safe-level restrictions. (#199538)
- ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
    safe-level restrictions. (#199543)
2006-07-20 11:06:45 +00:00

32 lines
862 B
Diff

diff -ruN ruby-1.8.4.orig/dir.c ruby-1.8.4/dir.c
--- ruby-1.8.4.orig/dir.c 2005-09-14 22:40:58.000000000 +0900
+++ ruby-1.8.4/dir.c 2006-07-19 22:14:05.000000000 +0900
@@ -325,7 +325,17 @@
rb_raise(rb_eIOError, "closed directory");
}
+static void
+dir_check(dir)
+ VALUE dir;
+{
+ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
+ rb_check_frozen(dir);
+}
+
#define GetDIR(obj, dirp) do {\
+ dir_check(dir);\
Data_Get_Struct(obj, struct dir_data, dirp);\
if (dirp->dir == NULL) dir_closed();\
} while (0)
@@ -536,6 +546,9 @@
{
struct dir_data *dirp;
+ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
GetDIR(dir, dirp);
closedir(dirp->dir);
dirp->dir = NULL;