diff --git a/ChangeLog b/ChangeLog
index 0e10337e2f..f96bf5a7c1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Thu Dec 13 14:10:00 2012 Shugo Maeda
+
+ * marshal.c (r_entry0): don't taint classes and modules because
+ Marshal.load just return the dumped classes and modules.
+ [Bug #7325] [ruby-core:49198]
+
+ * test/ruby/test_marshal.rb: related test.
+
 Thu Dec 13 14:10:13 2012 NAKAMURA Usaku
 
 * test/ruby/test_require.rb (TestRequire#test_loaded_features_encoding):
diff --git a/marshal.c b/marshal.c
index 061a8d5f31..8c60e5d80a 100644
--- a/marshal.c
+++ b/marshal.c
@@ -1323,7 +1323,8 @@ r_entry0(VALUE v, st_index_t num, struct load_arg *arg)
 else {
 st_insert(arg->data, num, (st_data_t)v);
 }
- if (arg->infection) {
+ if (arg->infection &&
+ TYPE(v) != T_CLASS && TYPE(v) != T_MODULE) {
 FL_SET(v, arg->infection);
 if ((VALUE)real_obj != Qundef)
 FL_SET((VALUE)real_obj, arg->infection);
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index e68839472d..bc5ee6295d 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -499,4 +499,22 @@ class TestMarshal < Test::Unit::TestCase
 ary = [ [2.0, e], [e] ]
 assert_equal(ary, Marshal.load(Marshal.dump(ary)), bug7348)
 end
+
+ class TestClass
+ end
+
+ module TestModule
+ end
+
+ def test_marshal_load_should_not_taint_classes
+ bug7325 = '[ruby-core:49198]'
+ for c in [TestClass, TestModule]
+ assert(!c.tainted?)
+ assert(!c.untrusted?)
+ c2 = Marshal.load(Marshal.dump(c).taint.untrust)
+ assert_same(c, c2)
+ assert(!c.tainted?, bug7325)
+ assert(!c.untrusted?, bug7325)
+ end
+ end
 end
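Review bot: The new `TYPE(v) != T_CLASS && TYPE(v) != T_MODULE` exemption in the `if (arg->infection && ...)` condition carries no comment, and the reason for it is a trust-boundary one that a later cleanup could easily undo. Going by the ChangeLog entry, Marshal.load hands back the already-existing class or module rather than a fresh object, so setting the infection flags here would mark a live, process-wide object as tainted/untrusted purely because the input string was. I would add above the condition something like `/* classes and modules are returned as the existing objects, not copies; never propagate taint/untrust from the input onto them */`. The same guard also skips the `real_obj` branch for these types, which looks intended but is worth stating in that comment. r_entry0's body starts and ends outside this hunk, so other paths that return pre-existing objects could not be checked from here.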
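Review bot: `test_marshal_load_should_not_taint_classes` only loads a bare class or module, so it does not pin the case where the class arrives inside a tainted container, which is the more likely shape of untrusted input. Inside the loop I would add `ary = Marshal.load(Marshal.dump([c]).taint.untrust)`, then `assert(ary.tainted?)` and `assert(!c.tainted?, bug7325)`, so the test shows that ordinary loaded objects still inherit the taint while the shared class does not (presumably both go through r_entry0; confirm against marshal.c). The two precondition asserts at the top of the loop also lack the `bug7325` message, which makes a failure there harder to attribute. The enclosing TestMarshal class starts outside this hunk.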