author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-06-12 01:05:20 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-06-12 01:05:20 +0000 |
commit | 622fb1ca50ca273924a2cd6ad58a6a6ff2a7f18e (patch) | |
tree | 8cd5f1b7ecb143b9387aed7e43197dfcf14c1812 | |
parent | ff0252701e43f8f0ff40a5c4ba55977b5d902612 (diff) | |
* io.c (rb_f_syscall): should check argument string taint before
invoking system calls.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28296 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | io.c | 2 |
2 files changed, 6 insertions, 1 deletions
@@ -1,3 +1,8 @@
+Sat Jun 12 10:02:26 2010 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * io.c (rb_f_syscall): should check argument string taint before
+ invoking system calls.
+
 Sat Jun 12 09:18:31 2010 Yukihiro Matsumoto <matz@ruby-lang.org>
 
 * variable.c (uninitialized_constant): process through
@@ -7520,7 +7520,7 @@ rb_f_syscall(int argc, VALUE *argv)
 VALUE v = rb_check_string_type(*argv);
 
 if (!NIL_P(v)) {
- StringValue(v);
+ SafeStringValue(v);
 rb_str_modify(v);
 arg[i] = (unsigned long)StringValueCStr(v);
 }
|
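Review bot: The new `SafeStringValue(v);` line in the io.c hunk carries the whole security decision of this commit, yet it has no comment, and the diffstat (ChangeLog and io.c only) shows no regression test for it. Because `v` already came from `rb_check_string_type`, the conversion half of the macro does nothing here and only the taint check matters. As far as I know that check raises SecurityError only when `$SAFE` is above 0, so at the default level a tainted string still reaches the system call. I would add `/* at $SAFE >= 1, refuse tainted strings: the buffer pointer is handed to the kernel as-is */` above the line, plus a test that a tainted string argument is rejected at a raised safe level. The body of rb_f_syscall starts and ends outside this hunk, so any other guard in the function is not visible here.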