author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-02-19 07:03:06 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-02-19 07:03:06 +0000 |
commit | 3ae4fd7258fe518327a0ceb69c292eddbabfb995 (patch) | |
tree | 35ca43544604467644f99ad0376fef8a4c4dc1e0 | |
parent | d63d8012f46d6a8ede9145db48be830cc114ad62 (diff) |
* eval.c (secure_visibility): visibility check for untainted modules.
* signal.c (sigpipe): sighandler which does nothing.
* signal.c (trap): set sigpipe function for SIGPIPE.
* signal.c (Init_signal): default SIGPIPE handler should be
sigpipe function.
* array.c (rb_ary_subseq): wrong boundary check.
* parse.y (cond0): integer literal in condition should not be
compared to lineno ($.).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 22 | ||||
-rw-r--r-- | ToDo | 1 | ||||
-rw-r--r-- | array.c | 2 | ||||
-rw-r--r-- | error.c | 9 | ||||
-rw-r--r-- | eval.c | 14 | ||||
-rw-r--r-- | parse.y | 36 | ||||
-rw-r--r-- | process.c | 8 | ||||
-rw-r--r-- | signal.c | 14 |
8 files changed, 90 insertions, 16 deletions
@@ -1,3 +1,16 @@ +Mon Feb 19 01:55:43 2001 Yukihiro Matsumoto <[email protected]> + + * eval.c (secure_visibility): visibility check for untainted modules. + +Mon Feb 19 00:29:29 2001 Nobuyoshi Nakada <[email protected]> + + * signal.c (sigpipe): sighandler which does nothing. + + * signal.c (trap): set sigpipe function for SIGPIPE. + + * signal.c (Init_signal): default SIGPIPE handler should be + sigpipe function. + Sun Feb 18 15:42:38 2001 WATANABE Hirofumi <[email protected]> * ext/curses/extconf.rb: add dir_config. @@ -8,6 +21,10 @@ Sun Feb 18 05:46:03 2001 Minero Aoki <[email protected]> * lib/net/http.rb: Response#range_length was not debugged. +Sun Feb 18 04:02:03 2001 Yasushi Shoji <[email protected]> + + * array.c (rb_ary_subseq): wrong boundary check. + Sun Feb 18 00:09:50 2001 Nobuyoshi Nakada <[email protected]> * win32/win32.c: fasten file I/O on mswin32/mingw32. @@ -16,6 +33,11 @@ Sun Feb 18 00:09:50 2001 Nobuyoshi Nakada <[email protected]> * rubysig.h: ditto. +Sat Feb 17 23:32:45 2001 Yukihiro Matsumoto <[email protected]> + + * parse.y (cond0): integer literal in condition should not be + compared to lineno ($.). + Fri Feb 16 01:44:56 2001 Yukihiro Matsumoto <[email protected]> * io.c (set_outfile): f should be the FILE* from the assigning value. @@ -74,6 +74,7 @@ Standard Libraries * or raise ForkException to every thread but fork caller. * Hash::new{default} or recommend Hash#fetch? * new user-defined marshal scheme. _dump(dumper), _load(restorer) +* warn, warning for Ruby level Extension Libraries @@ -400,7 +400,7 @@ rb_ary_subseq(ary, beg, len) { VALUE ary2; - if (beg > RARRAY(ary)->len) return Qnil; + if (beg >= RARRAY(ary)->len) return Qnil; if (beg < 0 || len < 0) return Qnil; if (beg + len > RARRAY(ary)->len) { @@ -412,6 +412,13 @@ exc_set_backtrace(exc, bt) return rb_iv_set(exc, "bt", check_backtrace(bt)); } +static VALUE +exit_status(exc) + VALUE exc; +{ + return rb_iv_get(exc, "status"); +} + #ifdef __BEOS__ typedef struct { VALUE *list; 
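Review bot: In rb_ary_subseq the clamp test `beg + len > RARRAY(ary)->len`, which follows the corrected boundary check, adds two caller-supplied signed values, so a very large `len` can overflow before the comparison and the clamp is then skipped. At that point `beg` is known to be non-negative and below the array length, so `if (len > RARRAY(ary)->len - beg) {` tests the same condition without the addition. The change from `>` to `>=` also makes a start index equal to the array length return nil rather than an empty result; callers are not visible here, so a one-line comment stating that this is intended would help. The function body continues past the end of the hunk.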
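Review bot: exit_status returns `rb_iv_get(exc, "status")`, but no hunk in this commit stores a `status` instance variable on a SystemExit object, so the new `SystemExit#status` method returns nil unless code outside this diff sets it. A comment above the function naming where the variable is assigned, for example `/* "status" is stored by <setter, not visible in this diff> */`, would make the contract checkable. The method itself is registered in the Init_Exception hunk that follows.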
@@ -554,6 +561,8 @@ Init_Exception() rb_define_method(rb_eException, "set_backtrace", exc_set_backtrace, 1); rb_eSystemExit = rb_define_class("SystemExit", rb_eException); + rb_define_method(rb_eSystemExit, "status", exit_status, 0); + rb_eFatal = rb_define_class("fatal", rb_eException); rb_eSignal = rb_define_class("SignalException", rb_eException); rb_eInterrupt = rb_define_class("Interrupt", rb_eSignal); @@ -5427,6 +5427,15 @@ rb_require(fname) } static void +secure_visibility(self) + VALUE self; +{ + if (rb_safe_level() >= 4 && !OBJ_TAINTED(self)) { + rb_raise(rb_eSecurityError, "Insecure: can't change method visibility"); + } +} + +static void set_method_visibility(self, argc, argv, ex) VALUE self; int argc; @@ -5435,6 +5444,7 @@ set_method_visibility(self, argc, argv, ex) { int i; + secure_visibility(self); for (i=0; i<argc; i++) { rb_export_method(self, rb_to_id(argv[i]), ex); } @@ -5446,6 +5456,7 @@ rb_mod_public(argc, argv, module) VALUE *argv; VALUE module; { + secure_visibility(module); if (argc == 0) { SCOPE_SET(SCOPE_PUBLIC); } @@ -5461,6 +5472,7 @@ rb_mod_protected(argc, argv, module) VALUE *argv; VALUE module; { + secure_visibility(module); if (argc == 0) { SCOPE_SET(SCOPE_PROTECTED); } @@ -5476,6 +5488,7 @@ rb_mod_private(argc, argv, module) VALUE *argv; VALUE module; { + secure_visibility(module); if (argc == 0) { SCOPE_SET(SCOPE_PRIVATE); } @@ -5535,6 +5548,7 @@ rb_mod_modfunc(argc, argv, module) rb_raise(rb_eTypeError, "module_function must be called for modules"); } + secure_visibility(module); if (argc == 0) { SCOPE_SET(SCOPE_MODFUNC); return module; 
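Review bot: secure_visibility carries no comment stating the policy it enforces, and the condition `rb_safe_level() >= 4 && !OBJ_TAINTED(self)` is easy to misread as inverted. I would add above it `/* at safe level >= 4, visibility may be changed only on tainted modules */`. The check is called from set_method_visibility and again at the top of rb_mod_public, rb_mod_protected, rb_mod_private and rb_mod_modfunc. If those delegate to set_method_visibility when arguments are given (their bodies continue outside the hunks), the test runs twice; that is harmless, but the comment should say the outer call exists to cover the `argc == 0` path so a later cleanup does not remove it. Whether any other visibility-changing entry point bypasses these functions cannot be confirmed from this page.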
@@ -4469,6 +4469,28 @@ warning_unless_e_option(str) if (e_option_supplied()) rb_warning(str); } +static NODE *cond0(); + +static NODE* +cond2(node, logop) + NODE *node; + int logop; +{ + enum node_type type; + + if (logop) return node; + if (!e_option_supplied()) return node; + + warn_unless_e_option("integer literal in condition"); + node = cond0(node); + type = nd_type(node); + if (type == NODE_NEWLINE) node = node->nd_next; + if (type == NODE_LIT && FIXNUM_P(node->nd_lit)) { + return call_op(node,tEQ,1,NEW_GVAR(rb_intern("$."))); + } + return node; +} + static NODE* cond0(node, logop) NODE *node; @@ -4494,8 +4516,8 @@ cond0(node, logop) case NODE_DOT2: case NODE_DOT3: - node->nd_beg = cond0(node->nd_beg, logop); - node->nd_end = cond0(node->nd_end, logop); + node->nd_beg = cond2(node->nd_beg, logop); + node->nd_end = cond2(node->nd_end, logop); if (type == NODE_DOT2) nd_set_type(node,NODE_FLIP2); else if (type == NODE_DOT3) nd_set_type(node, NODE_FLIP3); node->nd_cnt = local_append(0); @@ -4509,20 +4531,12 @@ cond0(node, logop) goto regexp; case NODE_LIT: - switch (TYPE(node->nd_lit)) { - case T_REGEXP: + if (TYPE(node->nd_lit) == T_REGEXP) { warning_unless_e_option("regex literal in condition"); regexp: nd_set_type(node, NODE_MATCH); local_cnt('_'); local_cnt('~'); - break; - - case T_FIXNUM: - if (logop) break; - if (!e_option_supplied()) break; - warn_unless_e_option("integer literal in condition"); - return call_op(node,tEQ,1,NEW_GVAR(rb_intern("$."))); } } return node; @@ -299,12 +299,12 @@ struct waitall_data { int pid; int status; VALUE ary; -} +}; static int waitall_each(key, value, data) int key, value; - struct wait_data *data; + struct waitall_data *data; { VALUE pid_status_member; @@ -563,6 +563,10 @@ rb_proc_exec(str) char **argv, **a; security(str); + + while (*str && ISSPACE(*str)) + str++; + for (s=str; *s; s++) { if (*s != ' ' && !ISALPHA(*s) && strchr("*?{}[]<>()~&|\\$;'`\"\n",*s)) { #if defined(MSDOS) 
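Review bot: cond2 calls `cond0(node)` with one argument although cond0 is defined as `cond0(node, logop)`; the unprototyped declaration `static NODE *cond0();` hides the mismatch from the compiler, and the callee then reads an indeterminate `logop`. The call should be `node = cond0(node, logop);`. In the same function, the early returns for `logop` and `!e_option_supplied()` mean range endpoints no longer pass through cond0 in those cases, where the replaced lines in the NODE_DOT2/NODE_DOT3 branch called it unconditionally. Also, `type` is read before `node = node->nd_next`, so after stepping past a NODE_NEWLINE the `NODE_LIT` test still sees the old type. If either is intended, a short comment on cond2 should say so.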
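Review bot: In rb_proc_exec the new loop can advance `str` to the terminating NUL when the command is all whitespace, and the hunk shows no check for an empty command before the metacharacter scan and argv construction that follow; the rest of the function is outside the hunk. An explicit early failure return right after the loop, guarded by `if (!*str)`, would keep an empty string from reaching the exec path. `security(str)` still runs on the untrimmed string, which is fine as long as it does not depend on the first character. A comment such as `/* skip leading whitespace so the command name starts at str[0] */` would record why the trim is there.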
@@ -386,6 +386,16 @@ sigsegv(sig) } #endif +#ifdef SIGPIPE +static RETSIGTYPE sigsegv _((int)); +static RETSIGTYPE +sigpipe(sig) + int sig; +{ + /* do nothing */ +} +#endif + void rb_trap_exit() { @@ -546,7 +556,7 @@ trap(arg) #endif #ifdef SIGPIPE case SIGPIPE: - func = SIG_IGN; + func = sigpipe; break; #endif } @@ -659,7 +669,7 @@ Init_signal() ruby_signal(SIGSEGV, sigsegv); #endif #ifdef SIGPIPE - ruby_signal(SIGPIPE, SIG_IGN); + ruby_signal(SIGPIPE, sigpipe); #endif #endif /* MACOS_UNUSE_SIGNAL */ } |
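Review bot: The forward declaration added under `#ifdef SIGPIPE` names the wrong function: `static RETSIGTYPE sigsegv _((int));` should be `static RETSIGTYPE sigpipe _((int));`, otherwise sigpipe has no prototype and sigsegv is declared again on platforms that may not define it. The `/* do nothing */` body would be better served by a comment saying why a no-op handler replaces SIG_IGN in trap and Init_signal. An ignored disposition is inherited across exec while a caught one is reset to the default, so this change affects child processes. With a handler installed, blocking calls can also fail with EINTR on SIGPIPE unless ruby_signal installs it with restart semantics, which is not visible here.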