blob: 7a67da6e5e6f4ecc314a720e27cfda7aacb3f137 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
$NetBSD: patch-ck,v 1.1 2006/07/30 23:12:50 taca Exp $
# fix for JVN#13947696 (part of CVE-2006-3694)
--- dir.c.orig 2005-09-14 22:40:58.000000000 +0900
+++ dir.c
@@ -325,7 +325,17 @@ dir_closed()
rb_raise(rb_eIOError, "closed directory");
}
+static void
+dir_check(dir)
+ VALUE dir;
+{
+ if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
+ rb_check_frozen(dir);
+}
+
#define GetDIR(obj, dirp) do {\
+ dir_check(dir);\
Data_Get_Struct(obj, struct dir_data, dirp);\
if (dirp->dir == NULL) dir_closed();\
} while (0)
@@ -536,6 +546,9 @@ dir_close(dir)
{
struct dir_data *dirp;
+ if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
GetDIR(dir, dirp);
closedir(dirp->dir);
dirp->dir = NULL;
|