author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-13 08:15:21 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-13 08:15:21 +0000 |
commit | 96a8a44317a27320d7c4359c17559826bd4276ed (patch) | |
tree | 158e56a64b390e4e2ef996530aeb1c053da1e6f8 | |
parent | 62f8f1419c2d666a113d02f021c20673a0f49d48 (diff) | |
download | ruby-96a8a44317a27320d7c4359c17559826bd4276ed.tar.gz |
* string.c (rb_str_intern): prohibit interning tainted string.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | string.c | 3 |
2 files changed, 7 insertions, 0 deletions
@@ -1,3 +1,7 @@
+Wed Sep 13 16:43:36 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * string.c (rb_str_intern): prohibit interning tainted string.
+
 Wed Sep 13 01:14:02 2006 Nobuyoshi Nakada <nobu@ruby-lang.org>

 * lib/optparse.rb (OptionParser#getopts): works with pre-registered
@@ -4153,6 +4153,9 @@ rb_str_intern(VALUE s)
 }
 if (strlen(RSTRING_PTR(str)) != RSTRING_LEN(str))
 rb_raise(rb_eArgError, "symbol string may not contain `\\0'");
+ if (OBJ_TAINTED(str)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
+ }
 id = rb_intern(RSTRING_PTR(str));
 return ID2SYM(id);
 }
|
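Review bot: The added `OBJ_TAINTED(str)` guard in rb_str_intern raises rb_eSecurityError without consulting the current safe level, so every caller that passes a string derived from external input is rejected, including code that runs with no restrictions at all. If the intent is only to stop restricted code from turning untrusted data into symbols, gate the check on the level, e.g. `if (OBJ_TAINTED(str) && rb_safe_level() >= 1) {`. If the unconditional refusal is deliberate, put a short comment above the check stating the reason (presumably that the resulting symbol no longer carries the taint mark), since neither the commit message nor the ChangeLog entry explains it. The diffstat shows no test file; one case for a tainted string and one for an untainted string would pin the new behaviour. rb_str_intern's body starts before this hunk, so how `str` is derived from the parameter `s` is not visible here.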