File CVE-2013-2065.patch of Package ruby19

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2013-2065.patch of Package ruby19

From ca7c298dd6fe7731e324f779585236655cc4fc5e Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Fri, 10 May 2013 16:25:08 -0700
Subject: [PATCH] [CVE-2013-2065] check object tainting before calling the
 foreign function

---
 ext/dl/lib/dl/func.rb | 3 +++
 ext/fiddle/function.c | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/ext/dl/lib/dl/func.rb b/ext/dl/lib/dl/func.rb
index 7b9b54f..9a984ed 100644
--- a/ext/dl/lib/dl/func.rb
+++ b/ext/dl/lib/dl/func.rb
@@ -92,6 +92,9 @@ module DL
         super
       else
         funcs = []
+        if $SAFE >= 1 && args.any? { |x| x.tainted? }
+          raise SecurityError, "tainted parameter not allowed"
+        end
         _args = wrap_args(args, @stack.types, funcs, &block)
         r = @cfunc.call(@stack.pack(_args))
         funcs.each{|f| f.unbind_at_call()}
diff --git a/ext/fiddle/function.c b/ext/fiddle/function.c
index ada37a4..52f7695 100644
--- a/ext/fiddle/function.c
+++ b/ext/fiddle/function.c
@@ -101,6 +101,15 @@ function_call(int argc, VALUE argv[], VALUE self)
 
     TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif);
 
+    if (rb_safe_level() >= 1) {
+   for (i = 0; i < argc; i++) {
+       VALUE src = argv[i];
+       if (OBJ_TAINTED(src)) {
+       rb_raise(rb_eSecurityError, "tainted parameter not allowed");
+       }
+   }
+    }
+
     values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *));
     generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic));
 
-- 
1.8.1.1

Places

File CVE-2013-2065.patch of Package ruby19

Places