
Commit a2958f6

committed
merge revision(s) 65125:
infect taint flag on Array#pack and String#unpack with the directives "B", "b", "H" and "h". * pack.c (pack_pack, pack_unpack_internal): infect taint flag. * test/ruby/test_pack.rb: add test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@65128 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
1 parent 0b1e97d commit a2958f6


3 files changed

+26
-3
lines changed


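--- a/pack.c
+++ b/pack.c
@@ -749,6 +749,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
 StringValue(from);
 ptr = RSTRING_PTR(from);
 plen = RSTRING_LEN(from);
+OBJ_INFECT(res, from);
 
 if (len == 0 && type == 'm') {
 encodes(res, ptr, plen, type, 0);
@@ -776,6 +777,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
 
 case 'M': /* quoted-printable encoded string */
 from = rb_obj_as_string(NEXTFROM);
+OBJ_INFECT(res, from);
 if (len <= 1)
 len = 72;
 qpencode(res, from, len);
@@ -801,6 +803,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
 }
 else {
 t = StringValuePtr(from);
+OBJ_INFECT(res, from);
 rb_obj_taint(from);
 }
 if (!associates) {
@@ -1184,6 +1187,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 len = (send - s) * 8;
 bits = 0;
 bitstr = rb_usascii_str_new(0, len);
+OBJ_INFECT(bitstr, str);
 t = RSTRING_PTR(bitstr);
 for (i=0; i<len; i++) {
 if (i & 7) bits >>= 1;
@@ -1205,6 +1209,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 len = (send - s) * 8;
 bits = 0;
 bitstr = rb_usascii_str_new(0, len);
+OBJ_INFECT(bitstr, str);
 t = RSTRING_PTR(bitstr);
 for (i=0; i<len; i++) {
 if (i & 7) bits <<= 1;
@@ -1226,6 +1231,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 len = (send - s) * 2;
 bits = 0;
 bitstr = rb_usascii_str_new(0, len);
+OBJ_INFECT(bitstr, str);
 t = RSTRING_PTR(bitstr);
 for (i=0; i<len; i++) {
 if (i & 1)
@@ -1249,6 +1255,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
 len = (send - s) * 2;
 bits = 0;
 bitstr = rb_usascii_str_new(0, len);
+OBJ_INFECT(bitstr, str);
 t = RSTRING_PTR(bitstr);
 for (i=0; i<len; i++) {
 if (i & 1)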
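Review bot: In the third pack_pack hunk the new `OBJ_INFECT(res, from);` sits directly above the existing `rb_obj_taint(from);`, and the outcome depends on that order: as written, res picks up taint only when the caller's string was already tainted, whereas swapping the two lines would taint every result on this branch. Nothing in the hunk says the order is deliberate, so I would add a comment such as `/* infect res before from is force-tainted below, so res reflects only the caller's taint */`. The four pack_unpack_internal hunks repeat `OBJ_INFECT(bitstr, str);` after each `rb_usascii_str_new`, so any branch added later that allocates its own result string would need the same line to keep taint tracking complete. Both functions start and end outside the hunks shown.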

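--- a/test/ruby/test_pack.rb
+++ b/test/ruby/test_pack.rb
@@ -860,4 +860,20 @@ def test_unpack1
 assert_equal "hogefuga", "aG9nZWZ1Z2E=".unpack1("m")
 assert_equal "01000001", "A".unpack1("B*")
 end
+
+def test_pack_infection
+tainted_array_string = ["123456"]
+tainted_array_string.first.taint
+['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f|
+assert_predicate(tainted_array_string.pack(f), :tainted?)
+end
+end
+
+def test_unpack_infection
+tainted_string = "123456"
+tainted_string.taint
+['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f|
+assert_predicate(tainted_string.unpack(f).first, :tainted?)
+end
+end
 end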
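Review bot: Both new tests assert only that tainted input yields tainted output; neither checks that an untainted string stays untainted, so a change that over-propagates taint would still pass. That matters most for the directives whose pack.c branch also calls `rb_obj_taint(from)` in this commit, where the result presumably should not be tainted unless the input already was. If that is the intended contract, I would add a counterpart loop in each test with a fresh literal per directive, e.g. `assert_not_predicate(["123456"].pack(f), :tainted?)` and `assert_not_predicate("123456".unpack(f).first, :tainted?)`.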

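--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@
 #define RUBY_VERSION "2.5.2"
-#define RUBY_RELEASE_DATE "2018-10-17"
-#define RUBY_PATCHLEVEL 102
+#define RUBY_RELEASE_DATE "2018-10-18"
+#define RUBY_PATCHLEVEL 103
 
 #define RUBY_RELEASE_YEAR 2018
 #define RUBY_RELEASE_MONTH 10
-#define RUBY_RELEASE_DAY 17
+#define RUBY_RELEASE_DAY 18
 
 #include "ruby/version.h"
 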