From 89014bb6e4d1fb3502efcbff0f5470c108d5bd44 Mon Sep 17 00:00:00 2001
From: matz
Date: Wed, 13 Sep 2006 08:15:21 +0000
Subject: * string.c (rb_str_intern): prohibit interning tainted string.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@10918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 4 ++++
 string.c | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 5f2e473f8..2acdf6450 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Sep 13 16:43:36 2006 Yukihiro Matsumoto
+
+ * string.c (rb_str_intern): prohibit interning tainted string.
+
 Wed Sep 13 01:14:02 2006 Nobuyoshi Nakada
 
 * lib/optparse.rb (OptionParser#getopts): works with pre-registered
diff --git a/string.c b/string.c
index 094907fe5..332b6186d 100644
--- a/string.c
+++ b/string.c
@@ -4153,6 +4153,9 @@ rb_str_intern(VALUE s)
 }
 if (strlen(RSTRING_PTR(str)) != RSTRING_LEN(str))
 rb_raise(rb_eArgError, "symbol string may not contain `\\0'");
+ if (OBJ_TAINTED(str)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
+ }
 id = rb_intern(RSTRING_PTR(str));
 return ID2SYM(id);
 }
-- cgit
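Review bot: The added `OBJ_TAINTED(str)` test in the string.c hunk is not conditioned on the safe level, so as written `rb_str_intern` raises `SecurityError` for every tainted string, including in programs running at safe level 0 that intern values read from external input. If the restriction is meant only for restricted modes, gate it, e.g. `if (OBJ_TAINTED(str) && rb_safe_level() >= 1) {`. If it is meant to be unconditional, say so in a comment above the check, since that is a visible behaviour change for callers. Either way a short comment giving the reason would help, for instance `/* a symbol cannot carry the taint mark, so interning would silently drop it */`. That rationale is presumed from the commit subject and should be confirmed. The function body starts outside the hunk, so earlier checks on `str` are not visible here.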