I don't know who uses the load_mime_types method; but it is
conceivable that a user would want to read the results of a
command instead of reading a regular file to load MIME types.
None of the WEBrick-related code in Ruby or default/bundled gems
seems to rely on this method; but it is likely 3rd-party code does.
* lib/webrick/httputils.rb (load_mime_types): note Kernel#open behavior
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Allowing a user to specify "| command" via Kernel#open is
nonsensical since we never read from the resultant IO.
* lib/webrick/log.rb (initialize): replace Kernel#open with File.open
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This previously had no coverage.
* test/webrick/test_filehandler.rb (test_erbhandler): new test
* test/webrick/webrick.rhtml: new file for test
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61399 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
IO#reopen already takes string path names as well as IO objects
(but not "| command" strings)
This makes further auditing for inadvertant code execution
easier. There's no actual bugfix or behavior change here,
as no external data is passed to cgi_runner.rb.
* lib/webrick/httpservlet/cgi_runner.rb: remove Kernel#open call
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61398 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.
* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* string.c (str_undump): use rb_enc_find_index2 to find encoding
by unterminated string. check the format before encoding name.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61396 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This change (ad-hocly) adjusts the code range of NODE_SCOPE in
class/module definition because the same adjust is already done in
method definition. I intend to just remove inconsistency between
class/module definition and method definition, but this kind of adjust
is dirty, so it should be fixed later (maybe in 2.6).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61383 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
New IMEMO types were introduced, this just fixes the function that
converts the type to support the new types.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61377 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Since we release GVL, we must freeze and duplicate the string buffer
to prevent other threads from modifying our buffer while we are
waiting on pwrite(2).
* io.c (rb_io_pwrite): use_rb_str_tmp_frozen_{acquire/release}
[Bug #14195]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61376 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* spec/ruby/core/thread/element_set_spec.rb: `t` can be uninitialized.
Use `Thread.current` explicitly.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61375 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/resolv/test_addr.rb (test_hosts_by_command): on Windows, `|` is
invalid charactor for path and raises `Errno::EINVAL` if trying to
open.
* test/resolv/test_dns.rb (test_resolv_conf_by_command): ditto.
cf. [Bug #14205]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61374 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* compile.c (compile_branch_condition): replace block param value
in branch conditions with `defined(yield)`, to get rid of
creating proc value.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61371 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* iseq.c (rb_insn_operand_intern): show local variable name at
getblockparam/setblockparam too.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61360 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
like r59693, initialize_http_header also should raise error. [Bug #14208]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61359 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This change introduces get_insn_info_binary_search, which is (should be)
equivalent to the old get_insn_info.
The old get_insn_info is renamed to get_insn_info_linear_search. When
VM_CHECK_MODE > 0, the equivalence is validated at finish_iseq_build.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61353 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2.5's line coverage measurement was about two times slower than 2.4
because of two reasons; (1) vm_trace uses rb_iseq_event_flags (which
takes O(n) currently where n is the length of iseq) to get an event
type, and (2) RUBY_EVENT_LINE uses setjmp to call an event hook.
This change adds a special event for line coverage,
RUBY_EVENT_COVERAGE_LINE, and adds `tracecoverage` instructions where
the event occurs in iseq.
`tracecoverage` instruction calls an event hook without vm_trace.
And, RUBY_EVENT_COVERAGE_LINE is an internal event which does not
use setjmp.
This change also cancells lineno change due to the deletion of trace
instructions [Feature #14104]. So fixes [Bug #14191].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61350 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/test_process.rb (test_threading_works_after_exec_fail):
extend timeout limit from 30 to 90 because some test nodes fails
with timeout error.
Also use a Queue instead of a local variable to communicate with
threads.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61347 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* parse.y (parser_yylex): deal with end of script chars just after
ignored newline as other places. [ruby-core:84349] [Bug #14206]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/test_process.rb (TestProcess#test_aspawn_too_long_path):
skip test_aspawn_too_long_path on Solaris 10 or earlier versions
because they lack Process::RLIMIT_NPROC and the test creates
extraordinary number of processes that makes the system unstable.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61345 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* pack.c (pack_unpack, AVOID_CC_BUG): Very ugly workaround for
optimization bug of Oracle Developer Studio (Oracle Solaris Studio)
12.4, 12.5, and 12.6 on Solaris 10 with -xO4 optimization option.
[Bug #11684] [ruby-core:84351]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61344 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
nobu
normal
svn
shugo
akr
hsbt
eregon
ko1
yui-knk
mame
naruse
sonots
tenderlove
usa
stomar
ngoto