diff options
| author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-13 08:15:21 +0000 |
|---|---|---|
| committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-13 08:15:21 +0000 |
| commit | 89014bb6e4d1fb3502efcbff0f5470c108d5bd44 (patch) | |
| tree | 158e56a64b390e4e2ef996530aeb1c053da1e6f8 /string.c | |
| parent | 21ae83c43e7ed769dddc11b756bd087a4b06613c (diff) | |
| download | ruby-89014bb6e4d1fb3502efcbff0f5470c108d5bd44.tar.gz ruby-89014bb6e4d1fb3502efcbff0f5470c108d5bd44.tar.xz ruby-89014bb6e4d1fb3502efcbff0f5470c108d5bd44.zip | |
* string.c (rb_str_intern): prohibit interning tainted string.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@10918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'string.c')
| -rw-r--r-- | string.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -4153,6 +4153,9 @@ rb_str_intern(VALUE s) } if (strlen(RSTRING_PTR(str)) != RSTRING_LEN(str)) rb_raise(rb_eArgError, "symbol string may not contain `\\0'"); + if (OBJ_TAINTED(str)) { + rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string"); + } id = rb_intern(RSTRING_PTR(str)); return ID2SYM(id); } |