Skip to content

Commit 20e3059

Browse files
author
matz
committed
substr() taint
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/v1_1r@269 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
1 parent c30c3bf commit 20e3059

File tree

3 files changed

+24
-17
lines changed

3 files changed

+24
-17
lines changed

ChangeLog

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,10 @@
1+
Thu Jul 16 22:58:48 1998 Yukihiro Matsumoto <matz@netlab.co.jp>
2+
3+
* string.c (scan_once): substrings to the block should not be
4+
tainted. use reg_nth_match(), not str_substr().
5+
6+
* string.c (str_substr): needed to transfer taint.
7+
18
Wed Jul 15 15:11:57 1998 Yukihiro Matsumoto <matz@netlab.co.jp>
29

310
* experimental release 1.1b9_31.

lib/cgi-lib.rb

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -53,18 +53,16 @@ def initialize(input = $stdin)
5353
when "GET"
5454
# exception messages should be printed to stdout.
5555
STDERR.reopen(STDOUT)
56-
5756
ENV['QUERY_STRING'] or ""
5857
when "POST"
5958
# exception messages should be printed to stdout.
6059
STDERR.reopen(STDOUT)
61-
62-
input.read ENV['CONTENT_LENGTH'].to_i
60+
input.read Integer(ENV['CONTENT_LENGTH'])
6361
else
6462
read_from_cmdline
6563
end.split(/&/).each do |x|
6664
key, val = x.split(/=/,2).collect{|x|unescape(x)}
67-
if @inputs.include?('key')
65+
if @inputs.include?(key)
6866
@inputs[key] += "\0" + (val or "")
6967
else
7068
@inputs[key] = (val or "")

string.c

Lines changed: 15 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -287,6 +287,8 @@ str_substr(str, start, len)
287287
VALUE str;
288288
int start, len;
289289
{
290+
VALUE str2;
291+
290292
if (start < 0) {
291293
start = RSTRING(str)->len + start;
292294
}
@@ -297,7 +299,10 @@ str_substr(str, start, len)
297299
len = RSTRING(str)->len - start;
298300
}
299301

300-
return str_new(RSTRING(str)->ptr+start, len);
302+
str2 = str_new(RSTRING(str)->ptr+start, len);
303+
if (str_tainted(str)) str_taint(str2);
304+
305+
return str2;
301306
}
302307

303308
static VALUE
@@ -972,7 +977,7 @@ str_sub_iter_s(str, pat, once)
972977
VALUE pat;
973978
int once;
974979
{
975-
VALUE val, result;
980+
VALUE val, match, result;
976981
int beg, offset, n;
977982
struct re_registers *regs;
978983

@@ -998,10 +1003,11 @@ str_sub_iter_s(str, pat, once)
9981003
while ((beg=reg_search(pat, str, offset, 0)) >= 0) {
9991004

10001005
n++;
1001-
regs = RMATCH(backref_get())->regs;
1006+
match = backref_get();
1007+
regs = RMATCH(match)->regs;
10021008
str_cat(result, RSTRING(str)->ptr+offset, beg-offset);
10031009

1004-
val = obj_as_string(rb_yield(reg_nth_match(0, backref_get())));
1010+
val = obj_as_string(rb_yield(reg_nth_match(0, match)));
10051011
str_cat(result, RSTRING(val)->ptr, RSTRING(val)->len);
10061012

10071013
if (BEG(0) == END(0)) {
@@ -2391,29 +2397,25 @@ scan_once(str, pat, start)
23912397
VALUE str, pat;
23922398
int *start;
23932399
{
2394-
VALUE result;
2400+
VALUE result, match;
23952401
struct re_registers *regs;
23962402
int i;
23972403

23982404
if (reg_search(pat, str, *start, 0) >= 0) {
2399-
regs = RMATCH(backref_get())->regs;
2405+
match = backref_get();
2406+
regs = RMATCH(match)->regs;
24002407
if (END(0) == *start) {
24012408
*start = END(0)+1;
24022409
}
24032410
else {
24042411
*start = END(0);
24052412
}
24062413
if (regs->num_regs == 1) {
2407-
return str_substr(str, BEG(0), END(0)-BEG(0));
2414+
return reg_nth_match(0, match);
24082415
}
24092416
result = ary_new2(regs->num_regs);
24102417
for (i=1; i < regs->num_regs; i++) {
2411-
if (BEG(i) == -1) {
2412-
ary_push(result, Qnil);
2413-
}
2414-
else {
2415-
ary_push(result, str_substr(str, BEG(i), END(i)-BEG(i)));
2416-
}
2418+
ary_push(result, reg_nth_match(i, match));
24172419
}
24182420

24192421
return result;

0 commit comments

Comments
 (0)