From 8719f269f064d9134d193eb7688f510ebadd6ae7 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 29 Jul 2003 07:52:55 +0000
Subject: * lib/net/smtp.rb (Net::SMTP::send0): add taint check.

* ruby.h (LLONG_MIN): wrong value.

* io.c (rb_f_getc): $stdin may not be IO. [ruby-dev:20973]


git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@4206 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/complex.rb  | 10 +++++-----
 lib/net/smtp.rb |  4 ++++
 2 files changed, 9 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/complex.rb b/lib/complex.rb
index 3d761beb6..9b5419ba6 100644
--- a/lib/complex.rb
+++ b/lib/complex.rb
@@ -75,14 +75,14 @@ class Complex < Numeric
   end
 
   def initialize(a, b)
-    raise "non numeric 1st arg `#{a.inspect}'" if !a.kind_of? Numeric
-    raise "`#{a.inspect}' for 1st arg" if a.kind_of? Complex
-    raise "non numeric 2nd arg `#{b.inspect}'" if !b.kind_of? Numeric
-    raise "`#{b.inspect}' for 2nd arg" if b.kind_of? Complex
+    raise TypeError, "non numeric 1st arg `#{a.inspect}'" if !a.kind_of? Numeric
+    raise TypeError, "`#{a.inspect}' for 1st arg" if a.kind_of? Complex
+    raise TypeError, "non numeric 2nd arg `#{b.inspect}'" if !b.kind_of? Numeric
+    raise TypeError, "`#{b.inspect}' for 2nd arg" if b.kind_of? Complex
     @real = a
     @image = b
   end
-  
+
   #
   # Addition with real or complex number.
   #
diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb
index 240b41d6c..3991eb18b 100644
--- a/lib/net/smtp.rb
+++ b/lib/net/smtp.rb
@@ -490,6 +490,10 @@ module Net
     def send0( from_addr, to_addrs )
       raise IOError, "closed session" unless @socket
       raise ArgumentError, 'mail destination does not given' if to_addrs.empty?
+      raise SecurityError, 'tainted from_addr' if from_addr.tainted?
+      to_addrs.each{|to| 
+        raise SecurityError, 'tainted to_addr' if to.tainted?
+      }
 
       mailfrom from_addr
       to_addrs.each do |to|
-- 
cgit