diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-10-23 15:41:17 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-10-23 15:41:17 +0000 |
commit | d0c2e3c7c95302c70a19b3d1d34bcb67da9f982f (patch) | |
tree | 98f87153e07f9132593cdc6ccd69033681e23034 /file.c | |
parent | 9c65d88c0e0bf5c148f6f591edd7f440bc4e4bf6 (diff) | |
download | ruby-d0c2e3c7c95302c70a19b3d1d34bcb67da9f982f.tar.gz |
* eval.c (rb_load, search_required, rb_require_safe, rb_require): use
frozen shared string to avoid outside modification. [ruby-dev:24580]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7106 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'file.c')
-rw-r--r-- | file.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -4104,6 +4104,7 @@ rb_find_file_ext(filep, ext) if (rb_safe_level() >= 2 && OBJ_TAINTED(fname)) { rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } + OBJ_FREEZE(fname); f = StringValueCStr(fname); *filep = fname; } @@ -4112,6 +4113,7 @@ rb_find_file_ext(filep, ext) for (i=0; ext[i]; i++) { fname = rb_str_dup(*filep); rb_str_cat2(fname, ext[i]); + OBJ_FREEZE(fname); if (file_load_ok(StringValueCStr(fname))) { *filep = fname; return i+1; @@ -4132,6 +4134,7 @@ rb_find_file_ext(filep, ext) for (j=0; ext[j]; j++) { fname = rb_str_dup(*filep); rb_str_cat2(fname, ext[j]); + OBJ_FREEZE(fname); found = dln_find_file(StringValueCStr(fname), path); if (found && file_load_ok(found)) { *filep = fname; @@ -4155,6 +4158,7 @@ rb_find_file(path) if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) { rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); } + OBJ_FREEZE(path); f = StringValueCStr(path); } @@ -4213,7 +4217,9 @@ rb_find_file(path) rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } if (file_load_ok(f)) { - return rb_str_new2(f); + tmp = rb_str_new2(f); + OBJ_FREEZE(tmp); + return tmp; } return 0; } |