* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen

yugui · yugui · commit 4600cf725a86 · 2009-05-11T15:07:10.000Z
with a tainted name of library.
  Patch by sheepman &lt;sheepman AT sheepman.sakura.ne.jp&gt;.

* ext/dl/dl.c (rb_dlhandle_sym): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@23405 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,11 @@
+Mon May 11 23:14:06 2009  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
+
+	* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen
+	  with a tainted name of library.
+	  Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.
+
+	* ext/dl/dl.c (rb_dlhandle_sym): ditto
+
 Mon May 11 22:33:46 2009  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
 
 	* ext/dl/lib/dl/func.rb (DL::Function#call): prevents
diff --git a/ext/dl/handle.c b/ext/dl/handle.c
@@ -5,6 +5,8 @@
 #include <ruby.h>
 #include "dl.h"
 
+#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v))
+
 VALUE rb_cDLHandle;
 
 void
@@ -56,11 +58,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self)
     cflag = RTLD_LAZY | RTLD_GLOBAL;
     break;
   case 1:
-    clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+    clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
     cflag = RTLD_LAZY | RTLD_GLOBAL;
     break;
   case 2:
-    clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+    clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
     cflag = NUM2INT(flag);
     break;
   default:
@@ -140,7 +142,7 @@ rb_dlhandle_sym(VALUE self, VALUE sym)
 
     rb_secure(2);
 
-    name = StringValuePtr(sym);
+    name = SafeStringValuePtr(sym);
 
     Data_Get_Struct(self, struct dl_handle, dlhandle);
     if( ! dlhandle->open ){
