Diffstat (limited to 'lang/ruby18-base/patches/patch-ck')
-rw-r--r-- | lang/ruby18-base/patches/patch-ck | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/lang/ruby18-base/patches/patch-ck b/lang/ruby18-base/patches/patch-ck
new file mode 100644
index 00000000000..7a67da6e5e6
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-ck
@@ -0,0 +1,34 @@
+$NetBSD: patch-ck,v 1.1 2006/07/30 23:12:50 taca Exp $
+
+# fix for JVN#13947696 (part of CVE-2006-3694)
+
+--- dir.c.orig 2005-09-14 22:40:58.000000000 +0900
++++ dir.c
+@@ -325,7 +325,17 @@ dir_closed()
+ rb_raise(rb_eIOError, "closed directory");
+ }
+
++static void
++dir_check(dir)
++ VALUE dir;
++{
++ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
++ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
++ rb_check_frozen(dir);
++}
++
+ #define GetDIR(obj, dirp) do {\
++ dir_check(dir);\
+ Data_Get_Struct(obj, struct dir_data, dirp);\
+ if (dirp->dir == NULL) dir_closed();\
+ } while (0)
+@@ -536,6 +546,9 @@ dir_close(dir)
+ {
+ struct dir_data *dirp;
+
++ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
++ rb_raise(rb_eSecurityError, "Insecure: can't close");
++ }
+ GetDIR(dir, dirp);
+ closedir(dirp->dir);
+ dirp->dir = NULL; |
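Review bot: In the `GetDIR(obj, dirp)` macro the added line calls `dir_check(dir)` instead of using the macro's own parameter, so the safe-level and frozen checks run on whatever variable named `dir` is in scope at the expansion site rather than on the object handed to `Data_Get_Struct`; it should read `dir_check(obj);\`. With the check inside `GetDIR`, the explicit `rb_safe_level() >= 4 && !OBJ_TAINTED(dir)` test added to `dir_close` repeats the same condition immediately before the macro and differs only in its message, so a short comment such as `/* distinct message for close; GetDIR repeats the check */` would make clear the duplication is deliberate. Any Dir method that reaches `struct dir_data` without going through `GetDIR` would not get the new check; none are visible in these hunks, so that is worth confirming against the full dir.c. Both dir.c hunks show only part of their enclosing code.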