Diffstat (limited to 'main/ruby/ruby-1.9.3-backport-from-trunk-rev37068.patch')
-rw-r--r-- | main/ruby/ruby-1.9.3-backport-from-trunk-rev37068.patch | 103 |
1 files changed, 0 insertions, 103 deletions
diff --git a/main/ruby/ruby-1.9.3-backport-from-trunk-rev37068.patch b/main/ruby/ruby-1.9.3-backport-from-trunk-rev37068.patch
deleted file mode 100644
index ed94e738fa..0000000000
--- a/main/ruby/ruby-1.9.3-backport-from-trunk-rev37068.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-Patch from trunk for CVE-2012-4464, CVE-2012-4466
-Part for test/ruby/test_exception.rb was adjusted for ruby 1.9.3
-
-Mamoru Tasaka <mtasaka@fedoraproject.org>
-
-------------------------------------------------------------------------
-r37068 | shugo | 2012-10-03 02:25:10 +0900 (Wed, 03 Oct 2012) | 2 lines
-
-* error.c (exc_to_s, name_err_to_s, name_err_mesg_to_str): do not
- taint messages.
-------------------------------------------------------------------------
-Index: error.c
-===================================================================
---- ./error.c (revision 37067)
-+++ ./error.c (revision 37068)
-@@ -635,7 +635,6 @@
-
- if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
- r = rb_String(mesg);
-- OBJ_INFECT(r, exc);
- return r;
- }
-
-@@ -996,11 +995,7 @@
-
- if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
- StringValue(str);
-- if (str != mesg) {
-- rb_iv_set(exc, "mesg", mesg = str);
-- }
-- OBJ_INFECT(mesg, exc);
-- return mesg;
-+ return str;
- }
-
- /*
-@@ -1131,7 +1126,6 @@
- args[2] = d;
- mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
- }
-- OBJ_INFECT(mesg, obj);
- return mesg;
- }
-
-Index: test/ruby/test_exception.rb
-===================================================================
---- ./test/ruby/test_exception.rb (revision 37067)
-+++ ./test/ruby/test_exception.rb (modified)
-@@ -333,4 +333,54 @@
- load(t.path)
- end
- end
-+
-+ def test_to_s_taintness_propagation
-+ for exc in [Exception, NameError]
-+ m = "abcdefg"
-+ e = exc.new(m)
-+ e.taint
-+ s = e.to_s
-+ assert_equal(false, m.tainted?,
-+ "#{exc}#to_s should not propagate taintness")
-+ assert_equal(false, s.tainted?,
-+ "#{exc}#to_s should not propagate taintness")
-+ end
-+
-+ o = Object.new
-+ def o.to_str
-+ "foo"
-+ end
-+ o.taint
-+ e = NameError.new(o)
-+ s = e.to_s
-+ assert_equal(false, s.tainted?)
-+ end
-+
-+ def test_exception_to_s_should_not_propagate_untrustedness
-+ favorite_lang = "Ruby"
-+
-+ for exc in [Exception, NameError]
-+ assert_raise(SecurityError) do
-+ lambda {
-+ $SAFE = 4
-+ exc.new(favorite_lang).to_s
-+ favorite_lang.replace("Python")
-+ }.call
-+ end
-+ end
-+
-+ assert_raise(SecurityError) do
-+ lambda {
-+ $SAFE = 4
-+ o = Object.new
-+ o.singleton_class.send(:define_method, :to_str) {
-+ favorite_lang
-+ }
-+ NameError.new(o).to_s
-+ favorite_lang.replace("Python")
-+ }.call
-+ end
-+
-+ assert_equal("Ruby", favorite_lang)
-+ end
- end |