Backport #4087
closedString#scan(arg) taints results if arg is a Regexp but not if arg is a String
Description
=begin
Is this intended? If so, would you please explain the rationale.
$ ruby -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.8.6 (2009-06-08 patchlevel 369) [universal-darwin9.0]
true
true
true
$ ruby1.8.7 -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.8.7 (2010-08-16 patchlevel 302) [i686-darwin9.8.0]
true
true
true
$ ruby1.9.2 -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin9.8.0]
true
true
true
$ ruby -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.8.6 (2009-06-08 patchlevel 369) [universal-darwin9.0]
false
false
false
$ ruby1.8.7 -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.8.7 (2010-08-16 patchlevel 302) [i686-darwin9.8.0]
false
false
false
$ ruby1.9.2 -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin9.8.0]
false
false
false
Thanks,
Brian
=end
Updated by usa (Usaku NAKAMURA) over 13 years ago
=begin
Hello,
In message "[ruby-core:33338] [Ruby 1.9-Bug#4087][Open] String#scan(arg) taints results if arg is a Regexp but not if arg is a String"
on Nov.25,2010 05:38:28, redmine@ruby-lang.org wrote:
Bug #4087: String#scan(arg) taints results if arg is a Regexp but not if arg is a String
Is this intended?
Maybe not.
patch for trunk.
Index: re.c
--- re.c (revision 29923)
+++ re.c (working copy)
@@ -2443,6 +2443,7 @@
}
ret = rb_reg_initialize(obj, RSTRING_PTR(str), RSTRING_LEN(str), enc,
options, err, sourcefile, sourceline);
- OBJ_INFECT(obj, str);
RB_GC_GUARD(str);
return ret;
}
Regards,¶
U.Nakamura usa@garbagecollect.jp
=end
Updated by matz (Yukihiro Matsumoto) over 13 years ago
=begin
Hi,
In message "Re: [ruby-core:33351] Re: [Ruby 1.9-Bug#4087][Open] String#scan(arg) taints results if arg is a Regexp but not if arg is a String"
on Thu, 25 Nov 2010 13:31:44 +0900, "U.Nakamura" usa@garbagecollect.jp writes:
|In message "[ruby-core:33338] [Ruby 1.9-Bug#4087][Open] String#scan(arg) taints results if arg is a Regexp but not if arg is a String"
| on Nov.25,2010 05:38:28, redmine@ruby-lang.org wrote:
|> Bug #4087: String#scan(arg) taints results if arg is a Regexp but not if arg is a String
|> Is this intended?
|
|Maybe not.
|patch for trunk.
I vaguely remember retrieving fixed string could hardly be security issue,
but I agree it's inconsistent, besides confusing. Could you check in?
matz.
=end
Updated by usa (Usaku NAKAMURA) over 13 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
=begin
This issue was solved with changeset r29932.
Brian, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
=end
Updated by usa (Usaku NAKAMURA) over 13 years ago
- Category set to core
- Status changed from Closed to Assigned
- Assignee set to shyouhei (Shyouhei Urabe)
Updated by shyouhei (Shyouhei Urabe) over 13 years ago
- Status changed from Assigned to Feedback
- Assignee changed from shyouhei (Shyouhei Urabe) to usa (Usaku NAKAMURA)
Updated by shyouhei (Shyouhei Urabe) over 13 years ago
- Status changed from Feedback to Closed
=begin
This issue was solved with changeset r30080.
Brian, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
=end