Description: fix safe level restriction bypass via DL and Fiddle
Origin: upstream, http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732
4
Index: ruby1.9.1-1.9.3.194/ext/dl/lib/dl/func.rb
5
===================================================================
6
--- ruby1.9.1-1.9.3.194.orig/ext/dl/lib/dl/func.rb 2010-06-25 15:43:15.000000000 -0400
7
+++ ruby1.9.1-1.9.3.194/ext/dl/lib/dl/func.rb 2013-11-26 11:33:08.377890767 -0500
12
+ if $SAFE >= 1 && args.any? { |x| x.tainted? }
13
+ raise SecurityError, "tainted parameter not allowed"
15
_args = wrap_args(args, @stack.types, funcs, &block)
16
r = @cfunc.call(@stack.pack(_args))
17
funcs.each{|f| f.unbind_at_call()}
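Review bot: The taint check on the `args.any? { |x| x.tainted? }` line is shallow, and nothing in the hunk documents that limit. It tests only the top-level elements of `args`; the `&block` handed to `wrap_args` on the next context line is not examined, and Fixnum arguments never carry a taint flag, so an integer address derived from untrusted data passes the guard. I would record this above the check with `# Shallow check: only top-level args are tested; Fixnum values are never tainted, so integer addresses must be validated by the caller.` The loop added to ext/fiddle/function.c has the same scope, and a regression test running at `$SAFE = 1` with a tainted String argument would pin both paths. The definition of `call` and the `end` closing the new `if` are not visible on this page.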
18
Index: ruby1.9.1-1.9.3.194/ext/fiddle/function.c
19
===================================================================
20
--- ruby1.9.1-1.9.3.194.orig/ext/fiddle/function.c 2011-08-15 20:51:58.000000000 -0400
21
+++ ruby1.9.1-1.9.3.194/ext/fiddle/function.c 2013-11-26 11:33:12.265890867 -0500
24
TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif);
26
+ if (rb_safe_level() >= 1) {
27
+ for (i = 0; i < argc; i++) {
28
+ VALUE src = argv[i];
29
+ if (OBJ_TAINTED(src)) {
30
+ rb_raise(rb_eSecurityError, "tainted parameter not allowed");
35
values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *));
36
generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic));
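Review bot: The new loop carries no comment explaining why it sits ahead of the two `xcalloc()` calls, and that placement matters. `rb_raise()` does not return, so as far as this hunk shows, a SecurityError raised after the allocations would leave `values` and `generic_args` unfreed. I would add `/* Check taint before allocating: rb_raise() does not return, so no buffers may be held at this point. */` above the `if (rb_safe_level() >= 1)` line so a later edit does not move the check below the allocations. The declaration of `i` and the closing braces of the loop are not visible on this page, so it is worth confirming that `i` has the same type as `argc`.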