From fa4f685ef7094810c2b3b71dbb8f4de42fbfc5ea Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 31 Jan 2009 10:07:49 +0000
Subject: * load.c (rb_require_safe): raises when the path to be loaded is  
 tainted.  [ruby-dev:37843]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@21917 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 load.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'load.c')

diff --git a/load.c b/load.c
index 8e66a75718..8e533771f1 100644
--- a/load.c
+++ b/load.c
@@ -554,13 +554,17 @@ rb_require_safe(VALUE fname, int safe)
 	rb_set_safe_level_force(safe);
 	FilePathValue(fname);
 	RB_GC_GUARD(fname) = rb_str_new4(fname);
+	rb_set_safe_level_force(0);
 	found = search_required(fname, &path);
 	if (found) {
 	    if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) {
 		result = Qfalse;
 	    }
 	    else {
-		rb_set_safe_level_force(0);
+		if (safe > 0 && OBJ_TAINTED(path)) {
+		    rb_raise(rb_eSecurityError, "cannot load from insecure path - %s",
+			     RSTRING_PTR(path));
+		}
 		switch (found) {
 		  case 'r':
 		    rb_load(path, 0);
-- 
cgit v1.2.3