1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

release RUBYGEMS_ACTIVATION_MONITOR correctly.

Browse Source 
`File.symlink? safe_lp` can raise SecurityError and raising an
exception can leave RUBYGEMS_ACTIVATION_MONITOR locking. This
patch release it correctly.
This commit is contained in:
Koichi Sasada 2019-11-12 04:33:28 +09:00
parent 4be1e84d78
commit b8d242d221
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/rubygems/core_ext/kernel_require.rb
View File

@ -42,7 +42,15 @@ module Kernel
rp = nil rp = nil
$LOAD_PATH[0...Gem.load_path_insert_index || -1].each do |lp| $LOAD_PATH[0...Gem.load_path_insert_index || -1].each do |lp|
safe_lp = lp.dup.tap(&Gem::UNTAINT) safe_lp = lp.dup.tap(&Gem::UNTAINT)
next if File.symlink? safe_lp # for backword compatibility begin
if File.symlink? safe_lp # for backword compatibility
next
end
rescue SecurityError
RUBYGEMS_ACTIVATION_MONITOR.exit
raise
end
Gem.suffixes.each do |s| Gem.suffixes.each do |s|
full_path = File.expand_path(File.join(safe_lp, "#{path}#{s}")) full_path = File.expand_path(File.join(safe_lp, "#{path}#{s}"))
if File.file?(full_path) if File.file?(full_path)
@ -159,7 +167,7 @@ module Kernel
raise load_error raise load_error
ensure ensure
if RUBYGEMS_ACTIVATION_MONITOR.mon_owned? if RUBYGEMS_ACTIVATION_MONITOR.mon_owned?
STDERR.puts [$!, $!.backtrace].inspect STDERR.puts [$$, Thread.current, $!, $!.backtrace].inspect if $!
raise "CRITICAL: RUBYGEMS_ACTIVATION_MONITOR is holding." raise "CRITICAL: RUBYGEMS_ACTIVATION_MONITOR is holding."
end end
end end