Project

General

Profile

Bug #9769

un-infection in StringIO#write

Added by dearblue (宗介 相良) about 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
ruby 2.1.1p76 (2014-02-24 revision 45161) [amd64-freebsd10]
[ruby-dev:48118]

Description

StringIO#write において、汚染された文字列を与えても汚染状態が伝播しません。

  • 文字列の拡張を伴わない書き込み (こちらは伝播する)

$ ruby -r stringio -e 'str = "abcdefg"; sio = StringIO.new(str); sio << "hijklmn".taint; p str: str.tainted?, sio: sio.tainted?'
{:str=>true, :sio=>false}

  • 文字列の拡張を伴う書き込み (こちらが伝播しない)

$ ruby -r stringio -e 'str = "abcdefg"; sio = StringIO.new(str, "ab"); sio << "hijklmn".taint; p str: str.tainted?, sio: sio.tainted?'
{:str=>false, :sio=>false}

内部文字列オブジェクトに伝播されたほうが好ましいと思います。

確認した限りでは 1.9.3、2.0.0、2.1.1 の挙動が同じとなっています。

添付いたしましたパッチの適用で、与えられた文字列の汚染状態を伝播するようになります。

$ ruby -r stringio -e 'str = "abcdefg"; sio = StringIO.new(str); sio << "hijklmn".taint; p str: str.tainted?, sio: sio.tainted?'
{:str=>true, :sio=>false}

$ ruby -r stringio -e 'str = "abcdefg"; sio = StringIO.new(str, "ab"); sio << "hijklmn".taint; p str: str.tainted?, sio: sio.tainted?'
{:str=>true, :sio=>false}

よろしくお願いします。


Files

stringio_infect.patch (485 Bytes) stringio_infect.patch dearblue (宗介 相良), 04/22/2014 11:47 AM

Associated revisions

Revision a1975817
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45670 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 45670
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45670
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45670
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45670
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45670
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45670
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 2c14872b
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append other than ASCII-8BIT

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits other than ASCII-8BIT, and keep taintedness. [ruby-dev:48118] [Bug #9769]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 45677
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append other than ASCII-8BIT

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits other than ASCII-8BIT, and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45677
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append other than ASCII-8BIT

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits other than ASCII-8BIT, and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45677
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append other than ASCII-8BIT

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits other than ASCII-8BIT, and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45677
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append other than ASCII-8BIT

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits other than ASCII-8BIT, and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45677
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append other than ASCII-8BIT

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits other than ASCII-8BIT, and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision 45677
Added by nobu (Nobuyoshi Nakada) about 5 years ago

stringio.c: use rb_str_append other than ASCII-8BIT

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits other than ASCII-8BIT, and keep taintedness. [ruby-dev:48118] [Bug #9769]

Revision c4e25813
Added by nagachika (Tomoyuki Chikanaga) almost 5 years ago

merge revision(s) r45676,r45677: [Backport #9769]

    stringio.c: move GC guard

    * ext/stringio/stringio.c (strio_write): move GC guard after the

last using position.
* ext/stringio/stringio.c (strio_write): use rb_str_append to
reuse coderange bits other than ASCII-8BIT, and keep
taintedness. [ruby-dev:48118] [Bug #9769]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@47106 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 47106
Added by nagachika (Tomoyuki Chikanaga) almost 5 years ago

merge revision(s) r45676,r45677: [Backport #9769]

stringio.c: move GC guard

* ext/stringio/stringio.c (strio_write): move GC guard after the

last using position.
* ext/stringio/stringio.c (strio_write): use rb_str_append to
reuse coderange bits other than ASCII-8BIT, and keep
taintedness. [ruby-dev:48118] [Bug #9769]

Revision 101e636d
Added by usa (Usaku NAKAMURA) almost 5 years ago

merge revision(s) 45676,45677: [Backport #9769]

    stringio.c: move GC guard

    * ext/stringio/stringio.c (strio_write): move GC guard after the

last using position.
* ext/stringio/stringio.c (strio_write): use rb_str_append to
reuse coderange bits other than ASCII-8BIT, and keep
taintedness. [ruby-dev:48118] [Bug #9769]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@47366 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 47366
Added by usa (Usaku NAKAMURA) almost 5 years ago

merge revision(s) 45676,45677: [Backport #9769]

stringio.c: move GC guard

* ext/stringio/stringio.c (strio_write): move GC guard after the

last using position.
* ext/stringio/stringio.c (strio_write): use rb_str_append to
reuse coderange bits other than ASCII-8BIT, and keep
taintedness. [ruby-dev:48118] [Bug #9769]

History

Updated by shyouhei (Shyouhei Urabe) about 5 years ago

念のため: このバグ報告はsecurity@ruby-lang.orgに送られていたものですが、中の人たちの判断によりこちらにて議論されることになりました。

Updated by nobu (Nobuyoshi Nakada) about 5 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

Applied in changeset r45670.


stringio.c: use rb_str_append

  • ext/stringio/stringio.c (strio_write): use rb_str_append to reuse coderange bits and keep taintedness. [ruby-dev:48118] [Bug #9769]

Updated by usa (Usaku NAKAMURA) about 5 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED

Updated by nagachika (Tomoyuki Chikanaga) almost 5 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE

r45676 and r45677 were backported into ruby_2_1 branch.

Updated by usa (Usaku NAKAMURA) almost 5 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: DONE to 2.0.0: DONE, 2.1: DONE

backported into ruby_2_0_0 at r47366.

Also available in: Atom PDF