From 9e39c618da89cda4819b62f14f82348372f32d63 Mon Sep 17 00:00:00 2001 From: nobu Date: Thu, 9 Sep 2010 22:29:16 +0000 Subject: [PATCH] * ext/etc/etc.c (etc_systmpdir): assume system default tmpdir safe. [ruby-dev:42089] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29209 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 5 +++++ ext/etc/etc.c | 7 +++++-- test/test_tempfile.rb | 4 ++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index fa7d56caf8..7b686a55df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Fri Sep 10 07:29:14 2010 Nobuyoshi Nakada + + * ext/etc/etc.c (etc_systmpdir): assume system default tmpdir + safe. [ruby-dev:42089] + Fri Sep 10 07:03:23 2010 Tanaka Akira * ext/pathname/pathname.c (path_size_p): Pathname#size? translated from diff --git a/ext/etc/etc.c b/ext/etc/etc.c index 0a01acf47d..9f2b4590b6 100644 --- a/ext/etc/etc.c +++ b/ext/etc/etc.c @@ -584,14 +584,17 @@ etc_sysconfdir(VALUE obj) static VALUE etc_systmpdir(void) { + VALUE tmpdir; #ifdef _WIN32 WCHAR path[_MAX_PATH]; UINT len = rb_w32_system_tmpdir(path, numberof(path)); if (!len) return Qnil; - return rb_w32_conv_from_wchar(path, rb_filesystem_encoding()); + tmpdir = rb_w32_conv_from_wchar(path, rb_filesystem_encoding()); #else - return rb_filesystem_str_new_cstr("/tmp"); + tmpdir = rb_filesystem_str_new_cstr("/tmp"); #endif + FL_UNSET(tmpdir, FL_TAINT|FL_UNTRUSTED); + return tmpdir; } /* diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb index b0c0703a6a..1055bd45d8 100644 --- a/test/test_tempfile.rb +++ b/test/test_tempfile.rb @@ -30,6 +30,10 @@ class TestTempfile < Test::Unit::TestCase def test_saves_in_dir_tmpdir_by_default t = tempfile("foo") assert_equal Dir.tmpdir, File.dirname(t.path) + bug3733 = '[ruby-dev:42089]' + assert_nothing_raised(SecurityError, bug3733) { + proc {$SAFE = 1; File.expand_path(Dir.tmpdir)}.call + } end def test_saves_in_given_directory