From 9ebc378e9a60bea64ebe8173c5c46a8866f9e34e Mon Sep 17 00:00:00 2001
From: nobu
Date: Mon, 28 Sep 2009 15:07:08 +0000
Subject: [PATCH] * hash.c (rb_f_getenv, env_fetch): env string may be overwritten.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25137 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 4 ++++
 hash.c | 17 ++++++++++++++---
 version.h | 4 ++--
 3 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9ba33c8696..2b0536d23e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Tue Sep 29 00:07:06 2009 Nobuyoshi Nakada
+
+ * hash.c (rb_f_getenv, env_fetch): env string may be overwritten.
+
 Mon Sep 28 23:30:59 2009 Nobuyoshi Nakada
 * dln.c (load_lib, dln_find_exe_r): env string may be overwritten.
diff --git a/hash.c b/hash.c
index 713048f4c4..7ddba146fa 100644
--- a/hash.c
+++ b/hash.c
@@ -1915,6 +1915,8 @@ env_delete_m(VALUE obj, VALUE name)
 return val;
 }
+static int env_path_tainted(const char *);
+
 static VALUE
 rb_f_getenv(VALUE obj, VALUE name)
 {
@@ -1928,7 +1930,7 @@ rb_f_getenv(VALUE obj, VALUE name)
 }
 env = getenv(nam);
 if (env) {
- if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted()) {
+ if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env)) {
 VALUE str = rb_str_new2(env);
 rb_obj_freeze(str);
@@ -1965,17 +1967,26 @@ env_fetch(int argc, VALUE *argv)
 }
 return if_none;
 }
- if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted())
+ if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env))
 return rb_str_new2(env);
 return env_str_new2(env);
 }
 static void
-path_tainted_p(char *path)
+path_tainted_p(const char *path)
 {
 path_tainted = rb_path_check(path)?0:1;
 }
+static int
+env_path_tainted(const char *path)
+{
+ if (path_tainted < 0) {
+ path_tainted_p(path);
+ }
+ return path_tainted;
+}
+
 int
 rb_env_path_tainted(void)
 {
diff --git a/version.h b/version.h
index 4a57cfb45c..9afaaaecd8 100644
--- a/version.h
+++ b/version.h
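Review bot: In rb_f_getenv, `env` is still the raw pointer returned by `getenv(nam)` when `rb_str_new2(env)` runs, and on the first call `env_path_tainted(env)` passes it through `rb_path_check()` before that copy is made. rb_path_check is not visible in this diff; if anything under it reads or changes the environment, the buffer could be invalidated in the same way the commit message describes, so it is worth confirming that it does not, or copying first with `VALUE str = rb_str_new2(env);` and checking `RSTRING_PTR(str)` instead. The same ordering appears in env_fetch in the next hunk (`!env_path_tainted(env)` followed by `return rb_str_new2(env);`). Both function bodies start outside their hunks.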
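Review bot: `env_path_tainted()` consults its `path` argument only while `path_tainted < 0`; every later call returns the cached flag regardless of the string passed in, which the signature does not suggest. Because this flag decides whether the PATH value is handed back through `rb_str_new2` rather than `env_str_new2`, a stale cache would give a changed PATH the old verdict unless the code that sets PATH refreshes `path_tainted`, and that code is not visible in this diff. I would add a comment above the function such as `/* path is checked only on the first call; later calls return the cached path_tainted */` and say there where the cache is reset.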
@@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.2"
-#define RUBY_RELEASE_DATE "2009-09-28"
+#define RUBY_RELEASE_DATE "2009-09-29"
 #define RUBY_PATCHLEVEL -1
 #define RUBY_BRANCH_NAME "trunk"
@@ -8,7 +8,7 @@
 #define RUBY_VERSION_TEENY 1
 #define RUBY_RELEASE_YEAR 2009
 #define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 28
+#define RUBY_RELEASE_DAY 29
 #include "ruby/version.h"