
Commit c8d1c38

author
matz
committed
* eval.c (rb_call0): wrong condition for $SAFE restoration.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@9254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
1 parent 05d94d5 commit c8d1c38


2 files changed

+21
-9
lines changed


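--- a/eval.c
+++ b/eval.c
@@ -242,8 +242,10 @@ rb_clear_cache_by_class(klass)
 }
 }
 
-#define NOEX_WITH_SAFE(n) ((n) | ruby_safe_level << 4)
+#define NOEX_TAINTED 8
 #define NOEX_SAFE(n) ((n) >> 4)
+#define NOEX_WITH(n, v) ((n) | (v) << 4)
+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
 
 void
 rb_add_method(klass, mid, node, noex)
@@ -4468,12 +4470,16 @@ rb_call0(klass, recv, id, argc, argv, body, flags)
 }
 b2 = body = body->nd_next;
 
-PUSH_VARS();
-PUSH_TAG(PROT_FUNC);
 if (NOEX_SAFE(flags) > ruby_safe_level) {
+if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+rb_raise(rb_eSecurityError, "calling insecure method: %s",
+rb_id2name(id));
+}
 safe = ruby_safe_level;
 ruby_safe_level = NOEX_SAFE(flags);
 }
+PUSH_VARS();
+PUSH_TAG(PROT_FUNC);
 if ((state = EXEC_TAG()) == 0) {
 NODE *node = 0;
 int i;
@@ -6756,11 +6762,17 @@ method_call(argc, argv, method)
 {
 VALUE result;
 struct METHOD *data;
+int safe;
 
 Data_Get_Struct(method, struct METHOD, data);
+if (OBJ_TAINTED(method)) {
+safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
+}
+else {
+safe = data->safe_level;
+}
 PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
-result = rb_call0(data->klass,data->recv,data->id,argc,argv,data->body,
-data->safe_level);
+result = rb_call0(data->klass,data->recv,data->id,argc,argv,data->body,safe);
 POP_ITER();
 return result;
 }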
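Review bot: The new SecurityError guard in rb_call0 fires only when `ruby_safe_level == 0` and the method's level is above 2, and neither constant is explained, so a caller at $SAFE 1 or 2 still enters a level-3-or-higher body without the check; that may be intended but the code does not say so. A comment above the inner `if` would settle it, for example `/* a method defined at $SAFE >= 3 may not be called from $SAFE 0; calls through a tainted Method object are exempt because method_call runs them at level 4 or above */`. In method_call, `NOEX_WITH(data->safe_level, 4)` ORs 4 into bits that already hold a level (rb_call0 reads them back with `NOEX_SAFE`), so a stored level of 1 to 3 yields 5 to 7 rather than 4; this is harmless only if every later comparison is `>= 4`, which this page does not show. rb_call0's body, including the code that restores `safe` after the call, continues outside the hunk.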

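--- a/version.h
+++ b/version.h
@@ -1,11 +1,11 @@
 #define RUBY_VERSION "1.6.8"
-#define RUBY_RELEASE_DATE "2005-09-01"
+#define RUBY_RELEASE_DATE "2005-09-21"
 #define RUBY_VERSION_CODE 168
-#define RUBY_RELEASE_CODE 20050901
+#define RUBY_RELEASE_CODE 20050921
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 6
 #define RUBY_VERSION_TEENY 8
 #define RUBY_RELEASE_YEAR 2005
-#define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 1
+#define RUBY_RELEASE_MONTH 09
+#define RUBY_RELEASE_DAY 21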
