* ext/fiddle/handle.c: check tainted string arguments.

Patch provided by tenderlove and nobu. * test/fiddle/test_handle.rb (class TestHandle): add test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53153 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-12-16 12:08:49 +0000
committer: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-12-16 12:08:49 +0000
commit: b1cd31e284ecf601dad1a62491c7e24d7952f276 (patch)
tree: 97a2de4140f10c60d5b748c38e2ad3b060330b3a /test/fiddle/test_handle.rb
parent: f186e863fcf8b5d9ceae6e033cbb9205604217bd (diff)
download: ruby-b1cd31e284ecf601dad1a62491c7e24d7952f276.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/test/fiddle/test_handle.rb b/test/fiddle/test_handle.rb
index f14357c6cb..fecf366f4f 100644
--- a/test/fiddle/test_handle.rb
+++ b/test/fiddle/test_handle.rb
@@ -10,6 +10,23 @@ module Fiddle
 
     include Test::Unit::Assertions
 
+    def test_safe_handle_open
+      t = Thread.new do
+        $SAFE = 1
+        Fiddle::Handle.new(LIBC_SO.taint)
+      end
+      assert_raise(SecurityError) { t.value }
+    end
+
+    def test_safe_function_lookup
+      t = Thread.new do
+        h = Fiddle::Handle.new(LIBC_SO)
+        $SAFE = 1
+        h["qsort".taint]
+      end
+      assert_raise(SecurityError) { t.value }
+    end
+
     def test_to_i
       handle = Fiddle::Handle.new(LIBC_SO)
       assert_kind_of Integer, handle.to_i
author	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-12-16 12:08:49 +0000
committer	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-12-16 12:08:49 +0000
commit	b1cd31e284ecf601dad1a62491c7e24d7952f276 (patch)
tree	97a2de4140f10c60d5b748c38e2ad3b060330b3a /test/fiddle/test_handle.rb
parent	f186e863fcf8b5d9ceae6e033cbb9205604217bd (diff)
download	ruby-b1cd31e284ecf601dad1a62491c7e24d7952f276.tar.gz