From c0085830b18224ed6ad825dfb55fecb61154fc8f Mon Sep 17 00:00:00 2001 From: matz Date: Wed, 13 Sep 2006 07:49:54 +0000 Subject: * string.c (rb_str_intern): prohibit interning tainted string. git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- .cvsignore | 15 ++------------- ChangeLog | 4 ++++ string.c | 3 +++ 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/.cvsignore b/.cvsignore index 9fd96ca14..242a9b1fb 100644 --- a/.cvsignore +++ b/.cvsignore @@ -8,6 +8,7 @@ .ext .git .svn +.pc .rbconfig.time COPYING.LIB ChangeLog.pre-alpha @@ -26,32 +27,20 @@ config.h.in config.log config.status configure -foo.rb libruby.so.* miniruby -miniruby.elhash -miniruby.elhash2 -miniruby.orig2 -miniruby.plhash -miniruby.plhash2 -modex.rb newdate.rb newver.rb parse.c -parse.y.try -pitest.rb +patches ppack preview rbconfig.rb -rename2.h repack riscos rubicon ruby ruby-man.rd.gz -rubyunit -st.c.power -this that tmp web y.output diff --git a/ChangeLog b/ChangeLog index c8f06dba0..9ad77b7f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Wed Sep 13 16:43:36 2006 Yukihiro Matsumoto + + * string.c (rb_str_intern): prohibit interning tainted string. + Wed Sep 13 01:14:21 2006 Nobuyoshi Nakada * lib/optparse.rb (OptionParser#getopts): works with pre-registered diff --git a/string.c b/string.c index 83ac1e486..681614b13 100644 --- a/string.c +++ b/string.c @@ -4404,6 +4404,9 @@ rb_str_intern(s) } if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len) rb_raise(rb_eArgError, "symbol string may not contain `\\0'"); + if (OBJ_TAINTED(str)) { + rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string"); + } id = rb_intern(RSTRING(str)->ptr); return ID2SYM(id); } -- cgit
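Review bot: The added `OBJ_TAINTED(str)` check in the string.c hunk raises SecurityError unconditionally; nothing in the visible lines consults the safe level, so callers that intern externally sourced strings would presumably start failing even when no safe level is in force. If the restriction is meant only for restricted safe levels, the condition could read `if (OBJ_TAINTED(str) && rb_safe_level() >= 1) {`. If it is meant to apply everywhere, a comment should say so and why, for example `/* a symbol cannot carry the taint mark, so interning would silently drop it */`; that rationale is inferred, since the commit message does not state one. The start of rb_str_intern lies outside the hunk, so an earlier guard cannot be ruled out, and no test for the new error path accompanies the change.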