github
/
ruby
зеркало из https://github.com/github/ruby.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

* file.c (rb_find_file_ext_safe, rb_find_file_safe): skip argument 

checks in file_expand_path().


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26794 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2010-03-02 05:29:27 +00:00
Родитель b25434f6a9
Коммит 9c45868b41
2 изменённых файлов: 25 добавлений и 7 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

5
ChangeLog
Просмотреть файл

@ -1,3 +1,8 @@
Tue Mar 2 14:29:24 2010 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (rb_find_file_ext_safe, rb_find_file_safe): skip argument
checks in file_expand_path().
Tue Mar 2 13:54:44 2010 Marc-Andre Lafortune <ruby-core@marc-andre.ca> Tue Mar 2 13:54:44 2010 Marc-Andre Lafortune <ruby-core@marc-andre.ca>
* test/ruby/test_math.rb: Fix lgamma test * test/ruby/test_math.rb: Fix lgamma test

27
file.c
Просмотреть файл

@ -2752,7 +2752,6 @@ file_expand_path(VALUE fname, VALUE dname, int abs_mode, VALUE result)
int tainted; int tainted;
rb_encoding *extenc = 0; rb_encoding *extenc = 0;
FilePathValue(fname);
s = StringValuePtr(fname); s = StringValuePtr(fname);
BUFINIT(); BUFINIT();
tainted = OBJ_TAINTED(fname); tainted = OBJ_TAINTED(fname);
@ -3012,10 +3011,23 @@ file_expand_path(VALUE fname, VALUE dname, int abs_mode, VALUE result)
return result; return result;
} }
#define EXPAND_PATH_BUFFER() rb_usascii_str_new(0, MAXPATHLEN + 2)
#define check_expand_path_args(fname, dname) \
((fname = rb_get_path(fname)), \
(NIL_P(dname) ? dname : (dname = rb_get_path(dname))))
static VALUE
file_expand_path_1(VALUE fname)
{
return file_expand_path(fname, Qnil, 0, EXPAND_PATH_BUFFER());
}
VALUE VALUE
rb_file_expand_path(VALUE fname, VALUE dname) rb_file_expand_path(VALUE fname, VALUE dname)
{ {
return file_expand_path(fname, dname, 0, rb_usascii_str_new(0, MAXPATHLEN + 2)); check_expand_path_args(fname, dname);
return file_expand_path(fname, dname, 0, EXPAND_PATH_BUFFER());
} }
/* /*
@ -3051,7 +3063,8 @@ rb_file_s_expand_path(int argc, VALUE *argv)
VALUE VALUE
rb_file_absolute_path(VALUE fname, VALUE dname) rb_file_absolute_path(VALUE fname, VALUE dname)
{ {
return file_expand_path(fname, dname, 1, rb_usascii_str_new(0, MAXPATHLEN + 2)); check_expand_path_args(fname, dname);
return file_expand_path(fname, dname, 1, EXPAND_PATH_BUFFER());
} }
/* /*
@ -4815,7 +4828,7 @@ rb_find_file_ext_safe(VALUE *filep, const char *const *ext, int safe_level)
if (!ext[0]) return 0; if (!ext[0]) return 0;
if (f[0] == '~') { if (f[0] == '~') {
fname = rb_file_expand_path(*filep, Qnil); fname = file_expand_path_1(fname);
if (safe_level >= 1 && OBJ_TAINTED(fname)) { if (safe_level >= 1 && OBJ_TAINTED(fname)) {
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
} }
@ -4828,7 +4841,7 @@ rb_find_file_ext_safe(VALUE *filep, const char *const *ext, int safe_level)
if (safe_level >= 1 && !fpath_check(fname)) { if (safe_level >= 1 && !fpath_check(fname)) {
rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
} }
if (!expanded) fname = rb_file_expand_path(fname, Qnil); if (!expanded) fname = file_expand_path_1(fname);
fnlen = RSTRING_LEN(fname); fnlen = RSTRING_LEN(fname);
for (i=0; ext[i]; i++) { for (i=0; ext[i]; i++) {
rb_str_cat2(fname, ext[i]); rb_str_cat2(fname, ext[i]);
@ -4886,7 +4899,7 @@ rb_find_file_safe(VALUE path, int safe_level)
int expanded = 0; int expanded = 0;
if (f[0] == '~') { if (f[0] == '~') {
tmp = rb_file_expand_path(path, Qnil); tmp = file_expand_path_1(path);
if (safe_level >= 1 && OBJ_TAINTED(tmp)) { if (safe_level >= 1 && OBJ_TAINTED(tmp)) {
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
} }
@ -4901,7 +4914,7 @@ rb_find_file_safe(VALUE path, int safe_level)
} }
if (!file_load_ok(f)) return 0; if (!file_load_ok(f)) return 0;
if (!expanded) if (!expanded)
path = copy_path_class(rb_file_expand_path(path, Qnil), path); path = copy_path_class(file_expand_path_1(path), path);
return path; return path;
} }