1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

* string.c (rb_str_intern): prohibit interning tainted string.

Browse Source 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
matz 2006-09-13 08:15:21 +00:00
parent 62f8f1419c
commit 96a8a44317
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,3 +1,7 @@
Wed Sep 13 16:43:36 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
* string.c (rb_str_intern): prohibit interning tainted string.
Wed Sep 13 01:14:02 2006 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/optparse.rb (OptionParser#getopts): works with pre-registered

3
string.c
View File

@ -4153,6 +4153,9 @@ rb_str_intern(VALUE s)
}
if (strlen(RSTRING_PTR(str)) != RSTRING_LEN(str))
rb_raise(rb_eArgError, "symbol string may not contain `\\0'");
if (OBJ_TAINTED(str)) {
rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
}
id = rb_intern(RSTRING_PTR(str));
return ID2SYM(id);
}