-rw-r--r--ChangeLog5
-rw-r--r--io.c2
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 9adafc8e82..1f84caa708 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Sat Jun 12 10:02:26 2010 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * io.c (rb_f_syscall): should check argument string taint before
+ invoking system calls.
+
Sat Jun 12 09:18:31 2010 Yukihiro Matsumoto <matz@ruby-lang.org>
* variable.c (uninitialized_constant): process through
diff --git a/io.c b/io.c
index e293728847..f09d0d273b 100644
--- a/io.c
+++ b/io.c
@@ -7520,7 +7520,7 @@ rb_f_syscall(int argc, VALUE *argv)
VALUE v = rb_check_string_type(*argv);
if (!NIL_P(v)) {
- StringValue(v);
+ SafeStringValue(v);
rb_str_modify(v);
arg[i] = (unsigned long)StringValueCStr(v);
}
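Review bot: The address returned by `StringValueCStr(v)` is stored in `arg[i]` as a raw pointer, and if this body runs once per argument (the loop and the declaration of `arg` are outside the hunk) a later `rb_check_string_type(*argv)` may invoke a user-defined `to_str` that resizes or reallocates the buffer of an earlier string before the system call is made. The added `SafeStringValue(v)` rejects tainted strings but does not address that lifetime problem. Consider converting and taint-checking every argument first and taking the C pointers only in a second pass immediately before the call. Storing the address in `unsigned long` also assumes a pointer fits in that type, which is worth confirming for every platform that builds this function.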