-rw-r--r--ChangeLog7
-rw-r--r--encoding.c1
-rw-r--r--test/ruby/test_encoding.rb5
-rw-r--r--transcode.c6
4 files changed, 18 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 4f6d181b49..6ed8009fa4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Sep 6 13:15:44 2011 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * encoding.c (load_encoding): predefined encoding names are safe.
+ [ruby-dev:44469] [Bug #5279]
+
+ * transcode.c (load_transcoder_entry): ditto.
+
Tue Sep 6 12:07:10 2011 Nobuyoshi Nakada <nobu@ruby-lang.org>
* transcode.c: enabled econv newline option.
diff --git a/encoding.c b/encoding.c
index e5bc75b4ef..57af9762e9 100644
--- a/encoding.c
+++ b/encoding.c
@@ -561,6 +561,7 @@ load_encoding(const char *name)
else if (ISUPPER(*s)) *s = TOLOWER(*s);
++s;
}
+ FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED);
OBJ_FREEZE(enclib);
ruby_verbose = Qfalse;
ruby_debug = Qfalse;
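Review bot: The new `FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED);` clears the taint marks unconditionally, and nothing at the call site records why that is sound. The ChangeLog's reasoning belongs next to the code, e.g. `/* enclib is derived from a predefined encoding name, never from caller-controlled data, so it may be required at any $SAFE level */`. The same applies to `FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);` added in transcode.c's load_transcoder_entry. Because this is a deliberate exemption from the safe-level check, the comment should also state the invariant callers must keep: `name` has to be matched against the registered encodings before it reaches this function. load_encoding starts and ends outside the hunk, so whether every caller does that cannot be verified from here.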
diff --git a/test/ruby/test_encoding.rb b/test/ruby/test_encoding.rb
index 6a406ae237..3e2ad5d0d2 100644
--- a/test/ruby/test_encoding.rb
+++ b/test/ruby/test_encoding.rb
@@ -99,4 +99,9 @@ class TestEncoding < Test::Unit::TestCase
str2 = Marshal.load(Marshal.dump(str2))
assert_equal(str, str2, '[ruby-dev:38596]')
end
+
+ def test_unsafe
+ bug5279 = '[ruby-dev:44469]'
+ assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)
+ end
end
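Review bot: `test_unsafe` asserts only the allow path, that `"a".encode("utf-16be")` succeeds at `$SAFE=3`, so nothing guards against the untainting later being widened to names that are not predefined. A companion assertion that an unregistered or tainted encoding name is still refused at the same safe level would pin the boundary this commit relies on. The method name also says little about intent; a name such as `test_encode_loads_predefined_encoding_at_safe_3` with a comment `# $SAFE=3 must not block loading a predefined encoding or its transcoder` would read better. The TestEncoding class starts outside the hunk.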
diff --git a/transcode.c b/transcode.c
index 68ac71755c..482fb6bf17 100644
--- a/transcode.c
+++ b/transcode.c
@@ -370,6 +370,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
const char *lib = entry->lib;
size_t len = strlen(lib);
char path[sizeof(transcoder_lib_prefix) + MAX_TRANSCODER_LIBNAME_LEN];
+ VALUE fn;
entry->lib = NULL;
@@ -377,7 +378,10 @@ load_transcoder_entry(transcoder_entry_t *entry)
return NULL;
memcpy(path, transcoder_lib_prefix, sizeof(transcoder_lib_prefix) - 1);
memcpy(path + sizeof(transcoder_lib_prefix) - 1, lib, len + 1);
- if (!rb_require(path))
+ fn = rb_str_new2(path);
+ FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
+ OBJ_FREEZE(fn);
+ if (!rb_require_safe(fn, rb_safe_level()))
return NULL;
}
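Review bot: When `rb_require_safe(fn, rb_safe_level())` returns false, the function returns NULL with `entry->lib` already set to NULL earlier in the body, so the entry keeps no record of the library it failed to load. If callers treat a NULL `lib` as "already loaded", a failed load can be neither detected nor retried. Restoring the pointer on the failure path would avoid that: `if (!rb_require_safe(fn, rb_safe_level())) { entry->lib = lib; return NULL; }`. This behaviour appears to predate the commit but sits on the lines being rewritten. load_transcoder_entry begins and ends outside the hunk, so how callers handle a NULL `lib` is an assumption to confirm.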