-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | marshal.c | 3 | ||||
-rw-r--r-- | test/ruby/test_marshal.rb | 18 |
3 files changed, 28 insertions, 1 deletions
@@ -1,3 +1,11 @@
+Thu Dec 13 14:10:00 2012 Shugo Maeda <shugo@ruby-lang.org>
+
+ * marshal.c (r_entry0): don't taint classes and modules because
+ Marshal.load just return the dumped classes and modules.
+ [Bug #7325] [ruby-core:49198]
+
+ * test/ruby/test_marshal.rb: related test.
+
 Thu Dec 13 14:10:13 2012 NAKAMURA Usaku <usa@ruby-lang.org>
 * test/ruby/test_require.rb (TestRequire#test_loaded_features_encoding):
@@ -1323,7 +1323,8 @@ r_entry0(VALUE v, st_index_t num, struct load_arg *arg)
 else {
 st_insert(arg->data, num, (st_data_t)v);
 }
- if (arg->infection) {
+ if (arg->infection &&
+ TYPE(v) != T_CLASS && TYPE(v) != T_MODULE) {
 FL_SET(v, arg->infection);
 if ((VALUE)real_obj != Qundef)
 FL_SET((VALUE)real_obj, arg->infection);
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index e68839472d..bc5ee6295d 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -499,4 +499,22 @@ class TestMarshal < Test::Unit::TestCase
 ary = [ [2.0, e], [e] ]
 assert_equal(ary, Marshal.load(Marshal.dump(ary)), bug7348)
 end
+
+ class TestClass
+ end
+
+ module TestModule
+ end
+
+ def test_marshal_load_should_not_taint_classes
+ bug7325 = '[ruby-core:49198]'
+ for c in [TestClass, TestModule]
+ assert(!c.tainted?)
+ assert(!c.untrusted?)
+ c2 = Marshal.load(Marshal.dump(c).taint.untrust)
+ assert_same(c, c2)
+ assert(!c.tainted?, bug7325)
+ assert(!c.untrusted?, bug7325)
+ end
+ end
 end |
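Review bot: The widened condition in r_entry0 carries no comment explaining why T_CLASS and T_MODULE are exempt, and the reason cannot be read off the code. Per the ChangeLog entry, Marshal.load returns the existing class or module rather than a new object, so setting the infection flags would mark a process-wide object as tainted/untrusted as a side effect of loading one untrusted stream. I would state that above the `if`, e.g. `/* classes and modules are returned as-is, not created from the stream; flagging them would taint the shared object */`. The guard also inspects only `v`, while `real_obj` is flagged under the same condition; whether `real_obj` can be a class or module when `v` is not cannot be judged here, because r_entry0 starts and ends outside the hunk.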
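Review bot: test_marshal_load_should_not_taint_classes only loads a bare class or module, so it would still pass if a later change stopped propagating taint from the input string altogether. Since the taint/untrust flags are what mark objects built from an untrusted stream, the test should also pin that ordinary objects in the same stream stay flagged while the class does not. Inside the loop, something like `ary = Marshal.load(Marshal.dump([c]).taint.untrust)` followed by `assert(ary.tainted?, bug7325)` and `assert(!ary.first.tainted?, bug7325)` would cover that. The two precondition asserts at the top of the loop could also take a message so a failure there is distinguishable from the bug itself.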