diff --git a/Remove-taint-support.patch b/Remove-taint-support.patch new file mode 100644 index 0000000..c994a99 --- /dev/null +++ b/Remove-taint-support.patch @@ -0,0 +1,150 @@ +diff -Nur a/ext/ffi_c/AbstractMemory.c b/ext/ffi_c/AbstractMemory.c +--- a/ext/ffi_c/AbstractMemory.c 2022-01-26 16:51:07.093052671 +0800 ++++ b/ext/ffi_c/AbstractMemory.c 2022-01-26 16:50:35.108522777 +0800 +@@ -417,7 +417,7 @@ + checkBounds(ptr, off, len); + + end = memchr(ptr->address + off, 0, len); +- return rb_tainted_str_new((char *) ptr->address + off, ++ return rb_str_new((char *) ptr->address + off, + (end != NULL ? end - ptr->address - off : len)); + } + +@@ -453,7 +453,7 @@ + + for (i = 0; i < count; ++i) { + const char* strptr = *((const char**) (ptr->address + off) + i); +- rb_ary_push(retVal, (strptr == NULL ? Qnil : rb_tainted_str_new2(strptr))); ++ rb_ary_push(retVal, (strptr == NULL ? Qnil : rb_str_new2(strptr))); + } + + } else { +@@ -463,7 +463,7 @@ + if (strptr == NULL) { + break; + } +- rb_ary_push(retVal, rb_tainted_str_new2(strptr)); ++ rb_ary_push(retVal, rb_str_new2(strptr)); + } + } + +@@ -542,7 +542,7 @@ + checkRead(ptr); + checkBounds(ptr, off, len); + +- return rb_tainted_str_new((char *) ptr->address + off, len); ++ return rb_str_new((char *) ptr->address + off, len); + } + + /* +@@ -583,10 +583,6 @@ + checkWrite(ptr); + checkBounds(ptr, off, len); + +- if (rb_safe_level() >= 1 && OBJ_TAINTED(str)) { +- rb_raise(rb_eSecurityError, "Writing unsafe string to memory"); +- return Qnil; +- } + memcpy(ptr->address + off, RSTRING_PTR(str) + idx, len); + + return self; +@@ -718,7 +714,7 @@ + memcpy(&tmp, ptr->address + offset, sizeof(tmp)); + } + +- return tmp != NULL ? rb_tainted_str_new2(tmp) : Qnil; ++ return tmp != NULL ? rb_str_new2(tmp) : Qnil; + } + + static void +diff -Nur a/ext/ffi_c/Call.c b/ext/ffi_c/Call.c +--- a/ext/ffi_c/Call.c 2022-01-26 16:51:07.093052671 +0800 ++++ b/ext/ffi_c/Call.c 2022-01-26 16:50:38.876585203 +0800 +@@ -300,10 +300,6 @@ + param->ptr = NULL; + + } else { +- if (rb_safe_level() >= 1 && OBJ_TAINTED(argv[argidx])) { +- rb_raise(rb_eSecurityError, "Unsafe string parameter"); +- } +- + param->ptr = StringValueCStr(argv[argidx]); + } + +diff -Nur a/ext/ffi_c/DynamicLibrary.c b/ext/ffi_c/DynamicLibrary.c +--- a/ext/ffi_c/DynamicLibrary.c 2022-01-26 16:51:07.097052737 +0800 ++++ b/ext/ffi_c/DynamicLibrary.c 2022-01-26 16:50:35.108522777 +0800 +@@ -164,7 +164,7 @@ + { + char errmsg[1024]; + dl_error(errmsg, sizeof(errmsg)); +- return rb_tainted_str_new2(errmsg); ++ return rb_str_new2(errmsg); + } + + static void +diff -Nur a/ext/ffi_c/Function.c b/ext/ffi_c/Function.c +--- a/ext/ffi_c/Function.c 2022-01-26 16:51:07.097052737 +0800 ++++ b/ext/ffi_c/Function.c 2022-01-26 16:50:42.484644979 +0800 +@@ -808,7 +808,7 @@ + param = rbffi_longdouble_new(*(long double *) parameters[i]); + break; + case NATIVE_STRING: +- param = (*(void **) parameters[i] != NULL) ? rb_tainted_str_new2(*(char **) parameters[i]) : Qnil; ++ param = (*(void **) parameters[i] != NULL) ? rb_str_new2(*(char **) parameters[i]) : Qnil; + break; + case NATIVE_POINTER: + param = rbffi_Pointer_NewInstance(*(void **) parameters[i]); +diff -Nur a/ext/ffi_c/Types.c b/ext/ffi_c/Types.c +--- a/ext/ffi_c/Types.c 2022-01-26 16:51:07.105052870 +0800 ++++ b/ext/ffi_c/Types.c 2022-01-26 16:50:35.108522777 +0800 +@@ -80,7 +80,7 @@ + return rbffi_longdouble_new(*(long double *) ptr); + + case NATIVE_STRING: +- return (*(void **) ptr != NULL) ? rb_tainted_str_new2(*(char **) ptr) : Qnil; ++ return (*(void **) ptr != NULL) ? rb_str_new2(*(char **) ptr) : Qnil; + case NATIVE_POINTER: + return rbffi_Pointer_NewInstance(*(void **) ptr); + case NATIVE_BOOL: +diff -Nur a/spec/ffi/string_spec.rb b/spec/ffi/string_spec.rb +--- a/spec/ffi/string_spec.rb 2019-01-06 22:25:53.000000000 +0800 ++++ b/spec/ffi/string_spec.rb 2022-01-26 15:22:39.289071937 +0800 +@@ -15,37 +15,11 @@ + attach_function :string_null, [ ], :string + end + +- it "MemoryPointer#get_string returns a tainted string" do +- mp = FFI::MemoryPointer.new 1024 +- mp.put_string(0, "test\0") +- str = mp.get_string(0) +- expect(str.tainted?).to be true +- end +- +- it "String returned by a method is tainted" do +- mp = FFI::MemoryPointer.new :pointer +- sp = FFI::MemoryPointer.new 1024 +- sp.put_string(0, "test") +- mp.put_pointer(0, sp) +- str = StrLibTest.ptr_ret_pointer(mp, 0) +- expect(str).to eq("test") +- expect(str).to be_tainted +- end +- + it "Poison null byte raises error" do + s = "123\0abc" + expect { StrLibTest.string_equals(s, s) }.to raise_error(ArgumentError) + end + +- it "Tainted String parameter should throw a SecurityError" do +- $SAFE = 1 +- str = "test" +- str.taint +- begin +- expect(LibTest.string_equals(str, str)).to be false +- rescue SecurityError +- end +- end if false + it "casts nil as NULL pointer" do + expect(StrLibTest.string_dummy(nil)).to be_nil + end diff --git a/rubygem-ffi.spec b/rubygem-ffi.spec index c95d94f..a8df0b3 100644 --- a/rubygem-ffi.spec +++ b/rubygem-ffi.spec @@ -1,12 +1,13 @@ %global gem_name ffi Name: rubygem-%{gem_name} Version: 1.10.0 -Release: 1 +Release: 2 Summary: FFI Extensions for Ruby License: BSD URL: https://www.github.com/ffi/ffi Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem Source1: https://www.github.com/ffi/%{gem_name}/archive/%{version}.tar.gz +Patch0: Remove-taint-support.patch BuildRequires: ruby(release) rubygems-devel ruby-devel gcc libffi-devel rubygem(rspec) %description Ruby-FFI is a ruby extension for programmatically loading dynamic @@ -26,6 +27,7 @@ Documentation for %{name}. %setup -q -n %{gem_name}-%{version} -b 1 ln -s %{gem_name}-%{version}/test test ln -s %{gem_name}-%{version}/spec spec +%patch0 -p1 %build gem build ../%{gem_name}-%{version}.gemspec @@ -70,5 +72,8 @@ popd %{gem_instdir}/ffi.gemspec %changelog +* Wed Jan 26 2022 liyanan - 1.10.0-2 +- Remove taint support + * Thu Aug 20 2020 xiezheng - 1.10.0-1 - package init