diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-08-11 11:33:44 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-08-11 11:33:44 +0000 |
commit | 199a95775b4f0e8d7ecab2946b8d7c250a695f40 (patch) | |
tree | 623e6cac5cbf684b9066f66b4c5aae7375439f86 /ext | |
parent | 35b6abbca2cb419aae599d04e5855e33a97935dd (diff) | |
download | ruby-199a95775b4f0e8d7ecab2946b8d7c250a695f40.tar.gz |
* ext/dl/cfunc.c (rb_dlcfunc_call): add taint check.
* ext/dl/dl.c (rb_dl_malloc): add rb_secure(2).
* ext/dl/dl.c (rb_dl_realloc): ditto.
* ext/dl/dl.c (rb_dl_free): ditto.
* ext/dl/dl.c (rb_dl_ptr2value): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/dl/cfunc.c | 1 | ||||
-rw-r--r-- | ext/dl/cptr.c | 20 | ||||
-rw-r--r-- | ext/dl/dl.c | 5 |
3 files changed, 18 insertions, 8 deletions
diff --git a/ext/dl/cfunc.c b/ext/dl/cfunc.c index 22e8600002..724c290f2f 100644 --- a/ext/dl/cfunc.c +++ b/ext/dl/cfunc.c @@ -260,6 +260,7 @@ rb_dlcfunc_call(VALUE self, VALUE ary) if( i >= DLSTACK_SIZE ){ rb_raise(rb_eDLError, "too many arguments (stack overflow)"); } + rb_check_safe_obj(RARRAY_PTR(ary)[i]); stack[i] = NUM2LONG(RARRAY_PTR(ary)[i]); } diff --git a/ext/dl/cptr.c b/ext/dl/cptr.c index aeb1852b48..b5f1e239e4 100644 --- a/ext/dl/cptr.c +++ b/ext/dl/cptr.c @@ -416,29 +416,33 @@ rb_dlptr_size(int argc, VALUE argv[], VALUE self) VALUE rb_dlptr_s_to_ptr(VALUE self, VALUE val) { - if( rb_obj_is_kind_of(val, rb_cIO) == Qtrue ){ + VALUE ptr; + + if (rb_obj_is_kind_of(val, rb_cIO) == Qtrue){ rb_io_t *fptr; FILE *fp; GetOpenFile(val, fptr); fp = rb_io_stdio_file(fptr); - return rb_dlptr_new(fp, 0, NULL); + ptr = rb_dlptr_new(fp, 0, NULL); } - else if( rb_obj_is_kind_of(val, rb_cString) == Qtrue ){ + else if (rb_obj_is_kind_of(val, rb_cString) == Qtrue){ char *ptr = StringValuePtr(val); - return rb_dlptr_new(ptr, RSTRING_LEN(val), NULL); + ptr = rb_dlptr_new(ptr, RSTRING_LEN(val), NULL); } - else if( rb_respond_to(val, id_to_ptr) ){ + else if (rb_respond_to(val, id_to_ptr)){ VALUE vptr = rb_funcall(val, id_to_ptr, 0); - if( rb_obj_is_kind_of(vptr, rb_cDLCPtr) ){ - return vptr; + if (rb_obj_is_kind_of(vptr, rb_cDLCPtr)){ + ptr = vptr; } else{ rb_raise(rb_eDLError, "to_ptr should return a CPtr object"); } } else{ - return rb_dlptr_new(NUM2PTR(rb_Integer(val)), 0, NULL); + ptr = rb_dlptr_new(NUM2PTR(rb_Integer(val)), 0, NULL); } + OBJ_INFECT(ptr, val); + return ptr; } void diff --git a/ext/dl/dl.c b/ext/dl/dl.c index e4bd4d41e9..0427dfb3f3 100644 --- a/ext/dl/dl.c +++ b/ext/dl/dl.c @@ -22,6 +22,7 @@ rb_dl_malloc(VALUE self, VALUE size) { void *ptr; + rb_secure(4); ptr = (void*)ruby_xmalloc(NUM2INT(size)); return PTR2NUM(ptr); } @@ -31,6 +32,7 @@ rb_dl_realloc(VALUE self, VALUE addr, VALUE size) { void *ptr = NUM2PTR(addr); + rb_secure(4); ptr = (void*)ruby_xrealloc(ptr, NUM2INT(size)); return PTR2NUM(ptr); } @@ -39,6 +41,8 @@ VALUE rb_dl_free(VALUE self, VALUE addr) { void *ptr = NUM2PTR(addr); + + rb_secure(4); ruby_xfree(ptr); return Qnil; } @@ -46,6 +50,7 @@ rb_dl_free(VALUE self, VALUE addr) VALUE rb_dl_ptr2value(VALUE self, VALUE addr) { + rb_secure(4); return (VALUE)NUM2PTR(addr); } |