* ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when

$SAFE > 0. * ext/fiddle/function.c (function_call): check tainted when $SAFE > 0. * test/fiddle/test_func.rb (module Fiddle): add test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40728 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-05-14 11:06:58 +0000
committer: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-05-14 11:06:58 +0000
commit: c7d7ff45f1e0d6fad28e53c02108d4b067e843c3 (patch)
tree: d60cb2e9a20860bff7c8acc9422b7f1221b288dc /test/fiddle/test_func.rb
parent: 912c16db3dae29fb473152d8861ec7afcf2964b7 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/test/fiddle/test_func.rb b/test/fiddle/test_func.rb
index e77229b7e8..92bcd8ed25 100644
--- a/test/fiddle/test_func.rb
+++ b/test/fiddle/test_func.rb
@@ -7,6 +7,16 @@ module Fiddle
       assert_nil f.call(10)
     end
 
+    def test_syscall_with_tainted_string
+      f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
+      assert_raises(SecurityError) do
+        Thread.new {
+          $SAFE = 1
+          f.call("uname -rs".taint)
+        }.join
+      end
+    end
+
     def test_sinf
       begin
         f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)
author	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-05-14 11:06:58 +0000
committer	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-05-14 11:06:58 +0000
commit	c7d7ff45f1e0d6fad28e53c02108d4b067e843c3 (patch)
tree	d60cb2e9a20860bff7c8acc9422b7f1221b288dc /test/fiddle/test_func.rb
parent	912c16db3dae29fb473152d8861ec7afcf2964b7 (diff)