Skip to content
Browse files

* string.c (rb_str_intern): prohibit interning tainted string.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
  • Loading branch information...
1 parent fb303ec commit c0085830b18224ed6ad825dfb55fecb61154fc8f matz committed Sep 13, 2006
Showing with 9 additions and 13 deletions.
  1. +2 −13 .cvsignore
  2. +4 −0 ChangeLog
  3. +3 −0 string.c
View
15 .cvsignore
@@ -8,6 +8,7 @@
.ext
.git
.svn
+.pc
.rbconfig.time
COPYING.LIB
ChangeLog.pre-alpha
@@ -26,32 +27,20 @@ config.h.in
config.log
config.status
configure
-foo.rb
libruby.so.*
miniruby
-miniruby.elhash
-miniruby.elhash2
-miniruby.orig2
-miniruby.plhash
-miniruby.plhash2
-modex.rb
newdate.rb
newver.rb
parse.c
-parse.y.try
-pitest.rb
+patches
ppack
preview
rbconfig.rb
-rename2.h
repack
riscos
rubicon
ruby
ruby-man.rd.gz
-rubyunit
-st.c.power
-this that
tmp
web
y.output
View
4 ChangeLog
@@ -1,3 +1,7 @@
+Wed Sep 13 16:43:36 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * string.c (rb_str_intern): prohibit interning tainted string.
+
Wed Sep 13 01:14:21 2006 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/optparse.rb (OptionParser#getopts): works with pre-registered
View
3 string.c
@@ -4404,6 +4404,9 @@ rb_str_intern(s)
}
if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len)
rb_raise(rb_eArgError, "symbol string may not contain `\\0'");
+ if (OBJ_TAINTED(str)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
+ }
id = rb_intern(RSTRING(str)->ptr);
return ID2SYM(id);
}

0 comments on commit c008583

Please sign in to comment.
Something went wrong with that request. Please try again.