diff options
author | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-12-13 05:12:55 +0000 |
---|---|---|
committer | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-12-13 05:12:55 +0000 |
commit | 0ac361f54060a26f771d8751f06bbd1013db2016 (patch) | |
tree | 12e63623bff4beb8561fd447d8c0e786f6abaad2 | |
parent | bfb08c1ece75101e36caef2a87ca74a3e07e92d4 (diff) | |
download | ruby-0ac361f54060a26f771d8751f06bbd1013db2016.tar.gz |
* marshal.c (r_entry0): don't taint classes and modules because
Marshal.load just return the dumped classes and modules.
[Bug #7325] [ruby-core:49198]
* test/ruby/test_marshal.rb: related test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38357 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | marshal.c | 3 | ||||
-rw-r--r-- | test/ruby/test_marshal.rb | 18 |
3 files changed, 28 insertions, 1 deletions
@@ -1,3 +1,11 @@ +Thu Dec 13 14:10:00 2012 Shugo Maeda <shugo@ruby-lang.org> + + * marshal.c (r_entry0): don't taint classes and modules because + Marshal.load just return the dumped classes and modules. + [Bug #7325] [ruby-core:49198] + + * test/ruby/test_marshal.rb: related test. + Thu Dec 13 14:10:13 2012 NAKAMURA Usaku <usa@ruby-lang.org> * test/ruby/test_require.rb (TestRequire#test_loaded_features_encoding): @@ -1323,7 +1323,8 @@ r_entry0(VALUE v, st_index_t num, struct load_arg *arg) else { st_insert(arg->data, num, (st_data_t)v); } - if (arg->infection) { + if (arg->infection && + TYPE(v) != T_CLASS && TYPE(v) != T_MODULE) { FL_SET(v, arg->infection); if ((VALUE)real_obj != Qundef) FL_SET((VALUE)real_obj, arg->infection); diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb index e68839472d..bc5ee6295d 100644 --- a/test/ruby/test_marshal.rb +++ b/test/ruby/test_marshal.rb @@ -499,4 +499,22 @@ class TestMarshal < Test::Unit::TestCase ary = [ [2.0, e], [e] ] assert_equal(ary, Marshal.load(Marshal.dump(ary)), bug7348) end + + class TestClass + end + + module TestModule + end + + def test_marshal_load_should_not_taint_classes + bug7325 = '[ruby-core:49198]' + for c in [TestClass, TestModule] + assert(!c.tainted?) + assert(!c.untrusted?) + c2 = Marshal.load(Marshal.dump(c).taint.untrust) + assert_same(c, c2) + assert(!c.tainted?, bug7325) + assert(!c.untrusted?, bug7325) + end + end end |