* hash.c (rb_f_getenv, env_fetch): env string may be overwritten.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25137 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,7 @@
+Tue Sep 29 00:07:06 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* hash.c (rb_f_getenv, env_fetch): env string may be overwritten.
+
 Mon Sep 28 23:30:59 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* dln.c (load_lib, dln_find_exe_r): env string may be overwritten.

hash.c

@@ -1915,6 +1915,8 @@ env_delete_m(VALUE obj, VALUE name)
     return val;
 }
 
+static int env_path_tainted(const char *);
+
 static VALUE
 rb_f_getenv(VALUE obj, VALUE name)
 {
@@ -1928,7 +1930,7 @@ rb_f_getenv(VALUE obj, VALUE name)
     }
     env = getenv(nam);
     if (env) {
-	if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted()) {
+	if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env)) {
 	    VALUE str = rb_str_new2(env);
 
 	    rb_obj_freeze(str);
@@ -1965,17 +1967,26 @@ env_fetch(int argc, VALUE *argv)
 	}
 	return if_none;
     }
-    if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted())
+    if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env))
 	return rb_str_new2(env);
     return env_str_new2(env);
 }
 
 static void
-path_tainted_p(char *path)
+path_tainted_p(const char *path)
 {
     path_tainted = rb_path_check(path)?0:1;
 }
 
+static int
+env_path_tainted(const char *path)
+{
+    if (path_tainted < 0) {
+	path_tainted_p(path);
+    }
+    return path_tainted;
+}
+
 int
 rb_env_path_tainted(void)
 {

version.h

@@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.2"
-#define RUBY_RELEASE_DATE "2009-09-28"
+#define RUBY_RELEASE_DATE "2009-09-29"
 #define RUBY_PATCHLEVEL -1
 #define RUBY_BRANCH_NAME "trunk"
 
@@ -8,7 +8,7 @@
 #define RUBY_VERSION_TEENY 1
 #define RUBY_RELEASE_YEAR 2009
 #define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 28
+#define RUBY_RELEASE_DAY 29
 
 #include "ruby/version.h"