Project

General

Profile

Actions

Backport #4087

closed

String#scan(arg) taints results if arg is a Regexp but not if arg is a String

Added by brixen (Brian Shirai) over 13 years ago. Updated almost 13 years ago.

Status:
Closed
[ruby-core:33338]

Description

=begin
Is this intended? If so, would you please explain the rationale.

$ ruby -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.8.6 (2009-06-08 patchlevel 369) [universal-darwin9.0]
true
true
true

$ ruby1.8.7 -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.8.7 (2010-08-16 patchlevel 302) [i686-darwin9.8.0]
true
true
true

$ ruby1.9.2 -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin9.8.0]
true
true
true

$ ruby -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.8.6 (2009-06-08 patchlevel 369) [universal-darwin9.0]
false
false
false

$ ruby1.8.7 -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.8.7 (2010-08-16 patchlevel 302) [i686-darwin9.8.0]
false
false
false

$ ruby1.9.2 -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin9.8.0]
false
false
false

Thanks,
Brian
=end

Actions #1

Updated by usa (Usaku NAKAMURA) over 13 years ago

=begin
Hello,

In message "[ruby-core:33338] [Ruby 1.9-Bug#4087][Open] String#scan(arg) taints results if arg is a Regexp but not if arg is a String"
on Nov.25,2010 05:38:28, wrote:

Bug #4087: String#scan(arg) taints results if arg is a Regexp but not if arg is a String
Is this intended?

Maybe not.
patch for trunk.

Index: re.c

--- re.c (revision 29923)
+++ re.c (working copy)
@@ -2443,6 +2443,7 @@
}
ret = rb_reg_initialize(obj, RSTRING_PTR(str), RSTRING_LEN(str), enc,
options, err, sourcefile, sourceline);

  • OBJ_INFECT(obj, str);
    RB_GC_GUARD(str);
    return ret;
    }

Regards,

U.Nakamura

=end

Actions #2

Updated by matz (Yukihiro Matsumoto) over 13 years ago

=begin
Hi,

In message "Re: [ruby-core:33351] Re: [Ruby 1.9-Bug#4087][Open] String#scan(arg) taints results if arg is a Regexp but not if arg is a String"
on Thu, 25 Nov 2010 13:31:44 +0900, "U.Nakamura" writes:

|In message "[ruby-core:33338] [Ruby 1.9-Bug#4087][Open] String#scan(arg) taints results if arg is a Regexp but not if arg is a String"
| on Nov.25,2010 05:38:28, wrote:
|> Bug #4087: String#scan(arg) taints results if arg is a Regexp but not if arg is a String
|> Is this intended?
|
|Maybe not.
|patch for trunk.

I vaguely remember retrieving fixed string could hardly be security issue,
but I agree it's inconsistent, besides confusing. Could you check in?

						matz.

=end

Actions #3

Updated by usa (Usaku NAKAMURA) over 13 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

=begin
This issue was solved with changeset r29932.
Brian, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

=end

Actions #4

Updated by usa (Usaku NAKAMURA) over 13 years ago

  • Category set to core
  • Status changed from Closed to Assigned
  • Assignee set to shyouhei (Shyouhei Urabe)

=begin

FYI, r29935 on ruby_1_8.

=end

Actions #5

Updated by shyouhei (Shyouhei Urabe) over 13 years ago

  • Status changed from Assigned to Feedback
  • Assignee changed from shyouhei (Shyouhei Urabe) to usa (Usaku NAKAMURA)

=begin

FYI, r29935 on ruby_1_8.

No it's not. Tell me the correct rev.
=end

Actions #6

Updated by shyouhei (Shyouhei Urabe) over 13 years ago

  • Status changed from Feedback to Closed

=begin
This issue was solved with changeset r30080.
Brian, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

=end

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0