From 556a67e569030495019b724a5ecc89d873f8886a Mon Sep 17 00:00:00 2001 From: yugui Date: Sat, 8 Aug 2009 15:32:51 +0000 Subject: merges r24371 from trunk into ruby_1_9_1. -- * thread.c (recursive_push): untrust internal hash to prevent unexpected SecurityError. a patch from Kazuhiro NISHIYAMA. Fix: #1864 [ruby-dev:38982] git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_1@24462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 6 ++++++ thread.c | 2 ++ version.h | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 72c24a889..e20dcee39 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Mon Aug 3 18:12:54 2009 Yukihiro Matsumoto + + * thread.c (recursive_push): untrust internal hash to prevent + unexpected SecurityError. a patch from Kazuhiro NISHIYAMA. + Fix: #1864 [ruby-dev:38982] + Mon Aug 3 17:06:05 2009 Yukihiro Matsumoto * lib/README: updated. a patch from Daniel Bovensiepen. diff --git a/thread.c b/thread.c index bc6614b17..c264b58af 100644 --- a/thread.c +++ b/thread.c @@ -3333,6 +3333,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj) } if (NIL_P(list) || TYPE(list) != T_HASH) { list = rb_hash_new(); + OBJ_UNTRUST(list); rb_hash_aset(hash, sym, list); } if (!paired_obj) { @@ -3345,6 +3346,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj) if (TYPE(pair_list) != T_HASH){ VALUE other_paired_obj = pair_list; pair_list = rb_hash_new(); + OBJ_UNTRUST(pair_list); rb_hash_aset(pair_list, other_paired_obj, Qtrue); rb_hash_aset(list, obj, pair_list); } diff --git a/version.h b/version.h index 600082477..da326e43d 100644 --- a/version.h +++ b/version.h @@ -1,5 +1,5 @@ #define RUBY_VERSION "1.9.1" -#define RUBY_PATCHLEVEL 266 +#define RUBY_PATCHLEVEL 267 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 9 #define RUBY_VERSION_TEENY 1 -- cgit