diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-09-28 15:07:08 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-09-28 15:07:08 +0000 |
commit | 9ebc378e9a60bea64ebe8173c5c46a8866f9e34e (patch) | |
tree | 2e00abc242de2c682d32164a58707bb07fb199c1 /hash.c | |
parent | 4097c096e816580f77589d2ae0d2e6263c1ffa7d (diff) | |
download | ruby-9ebc378e9a60bea64ebe8173c5c46a8866f9e34e.tar.gz |
* hash.c (rb_f_getenv, env_fetch): env string may be overwritten.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25137 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'hash.c')
-rw-r--r-- | hash.c | 17 |
1 files changed, 14 insertions, 3 deletions
@@ -1915,6 +1915,8 @@ env_delete_m(VALUE obj, VALUE name) return val; } +static int env_path_tainted(const char *); + static VALUE rb_f_getenv(VALUE obj, VALUE name) { @@ -1928,7 +1930,7 @@ rb_f_getenv(VALUE obj, VALUE name) } env = getenv(nam); if (env) { - if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted()) { + if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env)) { VALUE str = rb_str_new2(env); rb_obj_freeze(str); @@ -1965,17 +1967,26 @@ env_fetch(int argc, VALUE *argv) } return if_none; } - if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted()) + if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env)) return rb_str_new2(env); return env_str_new2(env); } static void -path_tainted_p(char *path) +path_tainted_p(const char *path) { path_tainted = rb_path_check(path)?0:1; } +static int +env_path_tainted(const char *path) +{ + if (path_tainted < 0) { + path_tainted_p(path); + } + return path_tainted; +} + int rb_env_path_tainted(void) { |