1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
$NetBSD: patch-ad,v 1.5 2006/07/30 23:12:50 taca Exp $
# now contains fix for JVN#83768862 (part of CVE-2006-3694)
--- eval.c.orig 2005-12-20 22:41:47.000000000 +0900
+++ eval.c
@@ -1810,12 +1810,13 @@ ev_const_defined(cref, id, self)
while (cbase && cbase->nd_next) {
struct RClass *klass = RCLASS(cbase->nd_clss);
- if (NIL_P(klass)) return rb_const_defined(CLASS_OF(self), id);
- if (klass->iv_tbl && st_lookup(klass->iv_tbl, id, &result)) {
- if (result == Qundef && NIL_P(rb_autoload_p((VALUE)klass, id))) {
- return Qfalse;
+ if (!NIL_P(klass)) {
+ if (klass->iv_tbl && st_lookup(klass->iv_tbl, id, &result)) {
+ if (result == Qundef && NIL_P(rb_autoload_p((VALUE)klass, id))) {
+ return Qfalse;
+ }
+ return Qtrue;
}
- return Qtrue;
}
cbase = cbase->nd_next;
}
@@ -1834,13 +1835,15 @@ ev_const_get(cref, id, self)
while (cbase && cbase->nd_next) {
VALUE klass = cbase->nd_clss;
- if (NIL_P(klass)) return rb_const_get(CLASS_OF(self), id);
- while (RCLASS(klass)->iv_tbl && st_lookup(RCLASS(klass)->iv_tbl, id, &result)) {
- if (result == Qundef) {
- if (!RTEST(rb_autoload_load(klass, id))) break;
- continue;
+ if (!NIL_P(klass)) {
+ while (RCLASS(klass)->iv_tbl &&
+ st_lookup(RCLASS(klass)->iv_tbl, id, &result)) {
+ if (result == Qundef) {
+ if (!RTEST(rb_autoload_load(klass, id))) break;
+ continue;
+ }
+ return result;
}
- return result;
}
cbase = cbase->nd_next;
}
@@ -2097,7 +2100,8 @@ rb_alias(klass, name, def)
}
}
st_insert(RCLASS(klass)->m_tbl, name,
- (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin), orig->nd_noex));
+ (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin),
+ NOEX_WITH_SAFE(orig->nd_noex)));
if (singleton) {
rb_funcall(singleton, singleton_added, 1, ID2SYM(name));
}
@@ -3886,7 +3890,7 @@ rb_eval(self, n)
if (NIL_P(ruby_class)) {
rb_raise(rb_eTypeError, "no class to undef method");
}
- rb_undef(ruby_class, node->nd_mid);
+ rb_undef(ruby_class, rb_to_id(rb_eval(self, node->u2.node)));
result = Qnil;
break;
@@ -3894,12 +3898,13 @@ rb_eval(self, n)
if (NIL_P(ruby_class)) {
rb_raise(rb_eTypeError, "no class to make alias");
}
- rb_alias(ruby_class, node->nd_new, node->nd_old);
+ rb_alias(ruby_class, rb_to_id(rb_eval(self, node->u1.node)),
+ rb_to_id(rb_eval(self, node->u2.node)));
result = Qnil;
break;
case NODE_VALIAS:
- rb_alias_variable(node->nd_new, node->nd_old);
+ rb_alias_variable(node->u1.id, node->u2.id);
result = Qnil;
break;
@@ -5638,6 +5643,11 @@ rb_call0(klass, recv, id, oid, argc, arg
TMP_PROTECT;
volatile int safe = -1;
+ if (NOEX_SAFE(flags) > ruby_safe_level &&
+ !(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
+ rb_id2name(id));
+ }
switch (ruby_iter->iter) {
case ITER_PRE:
case ITER_PAS:
@@ -5742,10 +5752,6 @@ rb_call0(klass, recv, id, oid, argc, arg
b2 = body = body->nd_next;
if (NOEX_SAFE(flags) > ruby_safe_level) {
- if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
- rb_raise(rb_eSecurityError, "calling insecure method: %s",
- rb_id2name(id));
- }
safe = ruby_safe_level;
ruby_safe_level = NOEX_SAFE(flags);
}
|
