realpath-taint.patch - Ruby - Ruby Issue Tracking System

Download (1.65 KB)

Bug #15803 » realpath-taint.patch

jeremyevans0 (Jeremy Evans), 04/27/2019 05:11 PM

+    	}
+        }
         OBJ_INFECT(resolved, unresolved_path);
         rb_obj_taint(resolved);
         RB_GC_GUARD(unresolved_path);
         RB_GC_GUARD(curdir);
         return resolved;

           assert_predicate(File.realpath(base, dir), :tainted?)
           base.untaint
           dir.untaint
           assert_not_predicate(File.realpath(base, dir), :tainted?)
           assert_predicate(File.realpath(base, dir), :tainted?)
           assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?)
+        }
       end

(1-1/1)