diff options
author | marcandre <marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-09-21 16:12:46 +0000 |
---|---|---|
committer | marcandre <marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-09-21 16:12:46 +0000 |
commit | cf69eeab9cb15220d73d371bbadb9bde1681af47 (patch) | |
tree | 49bb373c918868e209898fa349a51cd09aedcd60 | |
parent | 2d8a79fa473151d5972c8f72d6b73de98081a14a (diff) | |
download | ruby-cf69eeab9cb15220d73d371bbadb9bde1681af47.tar.gz |
* ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25017 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ext/openssl/ossl_config.c | 10 |
2 files changed, 15 insertions, 0 deletions
@@ -1,3 +1,8 @@ +Tue Sep 22 01:10:02 2009 Marc-Andre Lafortune <ruby-core@marc-andre.ca> + + * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): + Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377] + Mon Sep 21 17:12:10 2009 Nobuyoshi Nakada <nobu@ruby-lang.org> * proc.c (proc_binding): allow proc from method. [ruby-core:25589] diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index bbd4975031..aac51f9f5d 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -192,10 +192,19 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) #endif } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_UNTRUSTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + #if !defined(OSSL_NO_CONF_API) static VALUE ossl_config_add_value_m(VALUE self, VALUE section, VALUE name, VALUE value) { + rb_ossl_config_modify_check(self); return ossl_config_add_value(self, section, name, value); } #else @@ -257,6 +266,7 @@ ossl_config_set_section(VALUE self, VALUE section, VALUE hash) { VALUE arg[2]; + rb_ossl_config_modify_check(self); arg[0] = self; arg[1] = section; rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg); |