* io.c (argf_inplace_mode_set): prohibits an assignment of a tainted

value. * file.c (ruby_find_basename, ruby_find_extname): split from rb_file_s_basename() and rb_file_s_extname(). * util.c (ruby_add_suffix): support arbitrary length of the suffix to get rid of the potential buffer overflow. reported by tarui. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28525 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-07-02 14:31:26 +0000
committer: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-07-02 14:31:26 +0000
commit: 09ee12bb20f037233228ae546dc352b0a669cc23 (patch)
tree: 5ea9ba4d541e4b6f40312476f11bb14b852fba39 /io.c
parent: 8f4c474bd374010dac656c0a6eff7157edd87252 (diff)
download: ruby-09ee12bb20f037233228ae546dc352b0a669cc23.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/io.c b/io.c
index 05b2d45832..675f158196 100644
--- a/io.c
+++ b/io.c
@@ -9558,6 +9558,9 @@ opt_i_get(ID id, VALUE *var)
 static VALUE
 argf_inplace_mode_set(VALUE argf, VALUE val)
 {
+    if (rb_safe_level() >= 1 && OBJ_TAINTED(val))
+	rb_insecure_operation();
+
     if (!RTEST(val)) {
 	if (ARGF.inplace) free(ARGF.inplace);
 	ARGF.inplace = 0;
author	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2010-07-02 14:31:26 +0000
committer	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2010-07-02 14:31:26 +0000
commit	09ee12bb20f037233228ae546dc352b0a669cc23 (patch)
tree	5ea9ba4d541e4b6f40312476f11bb14b852fba39 /io.c
parent	8f4c474bd374010dac656c0a6eff7157edd87252 (diff)
download	ruby-09ee12bb20f037233228ae546dc352b0a669cc23.tar.gz