diff options
| author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-13 07:49:54 +0000 |
|---|---|---|
| committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-13 07:49:54 +0000 |
| commit | c0085830b18224ed6ad825dfb55fecb61154fc8f (patch) | |
| tree | 41e8c611bdec3e0087c8f5c9acc02b00a5ba40d2 /string.c | |
| parent | fb303ec1766f4733ad782e05cd22042aabe3cfad (diff) | |
| download | ruby-c0085830b18224ed6ad825dfb55fecb61154fc8f.tar.gz ruby-c0085830b18224ed6ad825dfb55fecb61154fc8f.tar.xz ruby-c0085830b18224ed6ad825dfb55fecb61154fc8f.zip | |
* string.c (rb_str_intern): prohibit interning tainted string.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'string.c')
| -rw-r--r-- | string.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -4404,6 +4404,9 @@ rb_str_intern(s) } if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len) rb_raise(rb_eArgError, "symbol string may not contain `\\0'"); + if (OBJ_TAINTED(str)) { + rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string"); + } id = rb_intern(RSTRING(str)->ptr); return ID2SYM(id); } |