From fecda0d9f72f52f9777fb32f63eb2471353221ec Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 25 Sep 2011 07:54:35 +0000
Subject: * encoding.c (require_enc): reject only loading from untrusted   load
 paths.  [ruby-dev:44541] [Bug #5279] * transcode.c (load_transcoder_entry):
 ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 transcode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'transcode.c')

diff --git a/transcode.c b/transcode.c
index 7caad0f87c..e813516563 100644
--- a/transcode.c
+++ b/transcode.c
@@ -370,6 +370,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
         const size_t total_len = sizeof(transcoder_lib_prefix) - 1 + len;
         const VALUE fn = rb_str_new(0, total_len);
         char *const path = RSTRING_PTR(fn);
+	const int safe = rb_safe_level();
 
         entry->lib = NULL;
 
@@ -378,7 +379,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
         rb_str_set_len(fn, total_len);
         FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
         OBJ_FREEZE(fn);
-        if (!rb_require_safe(fn, rb_safe_level()))
+        if (!rb_require_safe(fn, safe > 3 ? 3 : safe))
             return NULL;
     }
 
-- 
cgit v1.2.3