[前][次][番号順一覧][スレッド一覧]

ruby-changes:13368

From: nobu <ko1@a...>
Date: Tue, 29 Sep 2009 00:07:28 +0900 (JST)
Subject: [ruby-changes:13368] Ruby:r25137 (trunk): * hash.c (rb_f_getenv, env_fetch): env string may be overwritten.

nobu	2009-09-29 00:07:08 +0900 (Tue, 29 Sep 2009)

  New Revision: 25137

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=25137

  Log:
    * hash.c (rb_f_getenv, env_fetch): env string may be overwritten.

  Modified files:
    trunk/ChangeLog
    trunk/hash.c
    trunk/version.h

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 25136)
+++ ChangeLog	(revision 25137)
@@ -1,3 +1,7 @@
+Tue Sep 29 00:07:06 2009  Nobuyoshi Nakada  <nobu@r...>
+
+	* hash.c (rb_f_getenv, env_fetch): env string may be overwritten.
+
 Mon Sep 28 23:30:59 2009  Nobuyoshi Nakada  <nobu@r...>
 
 	* dln.c (load_lib, dln_find_exe_r): env string may be overwritten.
Index: hash.c
===================================================================
--- hash.c	(revision 25136)
+++ hash.c	(revision 25137)
@@ -1915,6 +1915,8 @@
     return val;
 }
 
+static int env_path_tainted(const char *);
+
 static VALUE
 rb_f_getenv(VALUE obj, VALUE name)
 {
@@ -1928,7 +1930,7 @@
     }
     env = getenv(nam);
     if (env) {
-	if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted()) {
+	if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env)) {
 	    VALUE str = rb_str_new2(env);
 
 	    rb_obj_freeze(str);
@@ -1965,17 +1967,26 @@
 	}
 	return if_none;
     }
-    if (ENVMATCH(nam, PATH_ENV) && !rb_env_path_tainted())
+    if (ENVMATCH(nam, PATH_ENV) && !env_path_tainted(env))
 	return rb_str_new2(env);
     return env_str_new2(env);
 }
 
 static void
-path_tainted_p(char *path)
+path_tainted_p(const char *path)
 {
     path_tainted = rb_path_check(path)?0:1;
 }
 
+static int
+env_path_tainted(const char *path)
+{
+    if (path_tainted < 0) {
+	path_tainted_p(path);
+    }
+    return path_tainted;
+}
+
 int
 rb_env_path_tainted(void)
 {
Index: version.h
===================================================================
--- version.h	(revision 25136)
+++ version.h	(revision 25137)
@@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.2"
-#define RUBY_RELEASE_DATE "2009-09-28"
+#define RUBY_RELEASE_DATE "2009-09-29"
 #define RUBY_PATCHLEVEL -1
 #define RUBY_BRANCH_NAME "trunk"
 
@@ -8,7 +8,7 @@
 #define RUBY_VERSION_TEENY 1
 #define RUBY_RELEASE_YEAR 2009
 #define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 28
+#define RUBY_RELEASE_DAY 29
 
 #include "ruby/version.h"
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]