diff options
| author | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2002-07-11 04:02:08 +0000 |
|---|---|---|
| committer | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2002-07-11 04:02:08 +0000 |
| commit | 5726b69317a7767c2b303731988f98072c578aca (patch) | |
| tree | 2f4aa0191193ba23011de741fccd952f2908b13c | |
| parent | e64d553b6236fe5e650c39eeaf94c62444380dbd (diff) | |
| download | ruby-5726b69317a7767c2b303731988f98072c578aca.tar.gz ruby-5726b69317a7767c2b303731988f98072c578aca.tar.xz ruby-5726b69317a7767c2b303731988f98072c578aca.zip | |
* lib/resolv.rb: untaint strings read from /etc/hosts and
/etc/resolv.conf to prevent SecurityError when $SAFE==1.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@2631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | lib/resolv.rb | 6 |
2 files changed, 11 insertions, 0 deletions
@@ -1,3 +1,8 @@ +Thu Jul 11 12:59:23 2002 Shugo Maeda <shugo@ruby-lang.org> + + * lib/resolv.rb: untaint strings read from /etc/hosts and + /etc/resolv.conf to prevent SecurityError when $SAFE==1. + Tue Jul 9 20:03:55 2002 Keiju Ishitsuka <keiju@ishitsuka.com> * irb 0.9 diff --git a/lib/resolv.rb b/lib/resolv.rb index 83246a135..631690958 100644 --- a/lib/resolv.rb +++ b/lib/resolv.rb @@ -284,12 +284,15 @@ class Resolv line.sub!(/#.*/, '') addr, hostname, *aliases = line.split(/\s+/) next unless addr + addr.untaint + hostname.untaint @addr2name[addr] = [] unless @addr2name.include? addr @addr2name[addr] << hostname @addr2name[addr] += aliases @name2addr[hostname] = [] unless @name2addr.include? hostname @name2addr[hostname] << addr aliases.each {|n| + n.untaint @name2addr[n] = [] unless @name2addr.include? n @name2addr[n] << addr } @@ -689,6 +692,9 @@ class Resolv f.each {|line| line.sub!(/[#;].*/, '') keyword, *args = line.split(/\s+/) + args.each { |arg| + arg.untaint + } next unless keyword case keyword when 'nameserver' |