diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-08-03 09:15:09 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-08-03 09:15:09 +0000 |
commit | 0f1c1ecbd89de6dfc4133c625c2ed234f50b19f5 (patch) | |
tree | 3acf79a65b12354eb5ea1bc12d23ecdf30553fb7 /thread.c | |
parent | 0fe4c1decbd71c2aa5f09aa84f7b46e4394b8593 (diff) | |
download | ruby-0f1c1ecbd89de6dfc4133c625c2ed234f50b19f5.tar.gz |
* thread.c (recursive_push): untrust internal hash to prevent
unexpected SecurityError. a patch from Kazuhiro NISHIYAMA.
Fix: #1864 [ruby-dev:38982]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24371 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'thread.c')
-rw-r--r-- | thread.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -3362,6 +3362,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj) } if (NIL_P(list) || TYPE(list) != T_HASH) { list = rb_hash_new(); + OBJ_UNTRUST(list); rb_hash_aset(hash, sym, list); } if (!paired_obj) { @@ -3374,6 +3375,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj) if (TYPE(pair_list) != T_HASH){ VALUE other_paired_obj = pair_list; pair_list = rb_hash_new(); + OBJ_UNTRUST(pair_list); rb_hash_aset(pair_list, other_paired_obj, Qtrue); rb_hash_aset(list, obj, pair_list); } |