[前][次][番号順一覧][スレッド一覧]

ruby-changes:14448

From: knu <ko1@a...>
Date: Mon, 11 Jan 2010 03:08:07 +0900 (JST)
Subject: [ruby-changes:14448] Ruby:r26277 (ruby_1_8): * eval.c (recursive_push): Taint internal hash to prevent

knu	2010-01-11 03:07:50 +0900 (Mon, 11 Jan 2010)

  New Revision: 26277

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=26277

  Log:
    * eval.c (recursive_push): Taint internal hash to prevent
      unexpected SecurityError; fixes #1864.

  Modified files:
    branches/ruby_1_8/ChangeLog
    branches/ruby_1_8/eval.c

Index: ruby_1_8/ChangeLog
===================================================================
--- ruby_1_8/ChangeLog	(revision 26276)
+++ ruby_1_8/ChangeLog	(revision 26277)
@@ -1,3 +1,8 @@
+Mon Jan 11 03:04:12 2010  Akinori MUSHA  <knu@i...>
+
+	* eval.c (recursive_push): Taint internal hash to prevent
+	  unexpected SecurityError; fixes #1864.
+
 Sun Jan 10 17:25:24 2010  Nobuyoshi Nakada  <nobu@r...>
 
 	* lib/webrick/accesslog.rb : Escape needed.
Index: ruby_1_8/eval.c
===================================================================
--- ruby_1_8/eval.c	(revision 26276)
+++ ruby_1_8/eval.c	(revision 26277)
@@ -13853,6 +13853,7 @@
     sym = ID2SYM(rb_frame_last_func());
     if (NIL_P(hash) || TYPE(hash) != T_HASH) {
 	hash = rb_hash_new();
+	OBJ_TAINT(hash);
 	rb_thread_local_aset(rb_thread_current(), recursive_key, hash);
 	list = Qnil;
     }
@@ -13861,6 +13862,7 @@
     }
     if (NIL_P(list) || TYPE(list) != T_HASH) {
 	list = rb_hash_new();
+	OBJ_TAINT(list);
 	rb_hash_aset(hash, sym, list);
     }
     rb_hash_aset(list, obj, Qtrue);

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]