* string.c (rb_str_intern): prohibit interning tainted string.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
commit c0085830b18224ed6ad825dfb55fecb61154fc8f 1 parent fb303ec
matz authored

Showing 3 changed files with 9 additions and 13 deletions.

  1. +2 13 .cvsignore
  2. +4 0 ChangeLog
  3. +3 0  string.c
15 .cvsignore
@@ -8,6 +8,7 @@
8 8 .ext
9 9 .git
10 10 .svn
  11 +.pc
11 12 .rbconfig.time
12 13 COPYING.LIB
13 14 ChangeLog.pre-alpha
@@ -26,32 +27,20 @@ config.h.in
26 27 config.log
27 28 config.status
28 29 configure
29   -foo.rb
30 30 libruby.so.*
31 31 miniruby
32   -miniruby.elhash
33   -miniruby.elhash2
34   -miniruby.orig2
35   -miniruby.plhash
36   -miniruby.plhash2
37   -modex.rb
38 32 newdate.rb
39 33 newver.rb
40 34 parse.c
41   -parse.y.try
42   -pitest.rb
  35 +patches
43 36 ppack
44 37 preview
45 38 rbconfig.rb
46   -rename2.h
47 39 repack
48 40 riscos
49 41 rubicon
50 42 ruby
51 43 ruby-man.rd.gz
52   -rubyunit
53   -st.c.power
54   -this that
55 44 tmp
56 45 web
57 46 y.output
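Review bot: the .cvsignore edits (adding `.pc` and `patches`, dropping `foo.rb`, the `miniruby.*` entries, `this that` and the rest) are unrelated to the rb_str_intern change and are not mentioned in the commit message or the ChangeLog entry. Since the string.c change alters security-relevant behaviour, it would be easier to audit, bisect and backport if the ignore-list cleanup went in as its own commit.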
4 ChangeLog
... ... @@ -1,3 +1,7 @@
  1 +Wed Sep 13 16:43:36 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
  2 +
  3 + * string.c (rb_str_intern): prohibit interning tainted string.
  4 +
1 5 Wed Sep 13 01:14:21 2006 Nobuyoshi Nakada <nobu@ruby-lang.org>
2 6
3 7 * lib/optparse.rb (OptionParser#getopts): works with pre-registered
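Review bot: the new entry says interning is prohibited but not how the prohibition surfaces. The string.c hunk raises rb_eSecurityError, so callers that previously interned tainted input now get an exception; naming the exception class and noting that the check is not tied to a safe level would let readers of the ChangeLog spot the compatibility impact.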
3  string.c
@@ -4404,6 +4404,9 @@ rb_str_intern(s)
4404 4404 }
4405 4405 if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len)
4406 4406 rb_raise(rb_eArgError, "symbol string may not contain `\\0'");
  4407 + if (OBJ_TAINTED(str)) {
  4408 + rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
  4409 + }
4407 4410 id = rb_intern(RSTRING(str)->ptr);
4408 4411 return ID2SYM(id);
4409 4412 }
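Review bot: the added check at 4407-4409 is unconditional. Nothing in the hunk consults the safe level, so rb_str_intern raises SecurityError for every tainted string, including at the default level. If the restriction is meant only for restricted modes, gate it, e.g. `if (OBJ_TAINTED(str) && rb_safe_level() >= 1)`; if it is meant to apply everywhere, a short comment stating why tainted data must not reach rb_intern would document the intent. None of the 3 changed files is a test, so a regression test covering both the tainted and untainted paths would be worth adding with this change.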
