From 724b4e38b39a53602aea57b6bf63033f5bdd7278 Mon Sep 17 00:00:00 2001 From: matz Date: Fri, 21 Dec 2001 09:23:28 +0000 Subject: * time.c (time_plus): result should not be negative unless NEGATIVE_TIME_T is defined. * time.c (time_new_internal): should check tv_sec overflow too. * time.c (time_timeval): should check time_t range when time is initialized from float. * time.c (time_plus): uses modf(3). * variable.c (rb_cvar_set): add frozen class/module check. * variable.c (rb_cvar_declare): add frozen class/module check. * re.c (match_to_a): should propagate taint. * re.c (rb_reg_s_quote): ditto. git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@1933 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- variable.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'variable.c') diff --git a/variable.c b/variable.c index ce8180f02..8b9dfaa1d 100644 --- a/variable.c +++ b/variable.c @@ -1459,16 +1459,15 @@ rb_cvar_set(klass, id, val) tmp = klass; while (tmp) { - if (RCLASS(tmp)->iv_tbl) { - if (st_lookup(RCLASS(tmp)->iv_tbl,id,0)) { - if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify class variable"); - st_insert(RCLASS(tmp)->iv_tbl,id,val); - if (ruby_verbose) { - cvar_override_check(id, tmp); - } - return; + if (RCLASS(tmp)->iv_tbl && st_lookup(RCLASS(tmp)->iv_tbl,id,0)) { + if (OBJ_FROZEN(tmp)) rb_error_frozen("class/module"); + if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify class variable"); + st_insert(RCLASS(tmp)->iv_tbl,id,val); + if (ruby_verbose) { + cvar_override_check(id, tmp); } + return; } tmp = RCLASS(tmp)->super; } @@ -1488,6 +1487,7 @@ rb_cvar_declare(klass, id, val) tmp = klass; while (tmp) { if (RCLASS(tmp)->iv_tbl && st_lookup(RCLASS(tmp)->iv_tbl,id,0)) { + if (OBJ_FROZEN(tmp)) rb_error_frozen("class/module"); if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4) rb_raise(rb_eSecurityError, "Insecure: can't modify class variable"); if (ruby_verbose && klass != tmp) { -- cgit