Diffstat (limited to 'lang/ruby18-base/patches/patch-ck')
-rw-r--r--lang/ruby18-base/patches/patch-ck34
1 files changed, 34 insertions, 0 deletions
diff --git a/lang/ruby18-base/patches/patch-ck b/lang/ruby18-base/patches/patch-ck
new file mode 100644
index 00000000000..7a67da6e5e6
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-ck
@@ -0,0 +1,34 @@
+$NetBSD: patch-ck,v 1.1 2006/07/30 23:12:50 taca Exp $
+
+# fix for JVN#13947696 (part of CVE-2006-3694)
+
+--- dir.c.orig 2005-09-14 22:40:58.000000000 +0900
++++ dir.c
+@@ -325,7 +325,17 @@ dir_closed()
+ rb_raise(rb_eIOError, "closed directory");
+ }
+
++static void
++dir_check(dir)
++ VALUE dir;
++{
++ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
++ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
++ rb_check_frozen(dir);
++}
++
+ #define GetDIR(obj, dirp) do {\
++ dir_check(dir);\
+ Data_Get_Struct(obj, struct dir_data, dirp);\
+ if (dirp->dir == NULL) dir_closed();\
+ } while (0)
+@@ -536,6 +546,9 @@ dir_close(dir)
+ {
+ struct dir_data *dirp;
+
++ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
++ rb_raise(rb_eSecurityError, "Insecure: can't close");
++ }
+ GetDIR(dir, dirp);
+ closedir(dirp->dir);
+ dirp->dir = NULL;
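Review bot: In the `GetDIR(obj, dirp)` macro the added line calls `dir_check(dir);\` on whatever variable named `dir` is in scope at the call site, not on the macro's own `obj` argument. That holds only while every caller names its receiver `dir`; a call site passing a different expression would either fail to compile or run the safe-level taint check and `rb_check_frozen` against a different object than the one handed to `Data_Get_Struct`. I would write `dir_check(obj);\` so the check is tied to the object being unwrapped. The explicit test added to `dir_close` repeats the safe-level condition that `GetDIR` now applies on the very next line, so it only changes which message is raised; a one-line comment saying that is intentional would help. The other `GetDIR` call sites and the rest of `dir_close` lie outside this hunk, so whether any caller uses a name other than `dir` cannot be confirmed from here.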