
ruby-changes:16321

From: matz <ko1@a...>
Date: Sat, 12 Jun 2010 10:08:44 +0900 (JST)
Subject: [ruby-changes:16321] Ruby:r28294 (ruby_1_8): * io.c (rb_f_syscall): should check argument string taint before

matz	2010-06-12 10:04:31 +0900 (Sat, 12 Jun 2010)

  New Revision: 28294

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=28294

  Log:
    * io.c (rb_f_syscall): should check argument string taint before
      invoking system calls.

  Modified files:
    branches/ruby_1_8/ChangeLog
    branches/ruby_1_8/io.c

Index: ruby_1_8/ChangeLog
===================================================================
--- ruby_1_8/ChangeLog	(revision 28293)
+++ ruby_1_8/ChangeLog	(revision 28294)
@@ -1,3 +1,8 @@
+Sat Jun 12 10:02:26 2010  Yukihiro Matsumoto  <matz@r...>
+
+	* io.c (rb_f_syscall): should check argument string taint before
+	  invoking system calls.
+
 Thu Jun 10 14:45:28 2010  KOSAKI Motohiro  <kosaki.motohiro@g...>
 
 	* ext/dl/dl.c (rb_dl_strdup): strdup() only allocates a buffer of
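Review bot: The new ChangeLog entry says the taint check "should" happen but does not record the user-visible effect: tainted string arguments to syscall can now be rejected, and the entry does not say under which safe level. Suggest stating what the change does, for example that rb_f_syscall now checks string arguments with SafeStringValue before invoking the system call, so that someone scanning the ChangeLog for security-relevant changes can find it.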
Index: ruby_1_8/io.c
===================================================================
--- ruby_1_8/io.c	(revision 28293)
+++ ruby_1_8/io.c	(revision 28294)
@@ -5250,7 +5250,7 @@
 	VALUE v = rb_check_string_type(*argv);
 
 	if (!NIL_P(v)) {
-	    StringValue(v);
+	    SafeStringValue(v);
 	    rb_str_modify(v);
 	    arg[i] = (unsigned long)StringValueCStr(v);
 	}
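Review bot: The taint check added at `SafeStringValue(v)` runs only inside the `if (!NIL_P(v))` branch, so it covers arguments that `rb_check_string_type(*argv)` accepts as strings and nothing else; arguments taking the other path are outside this hunk and should be confirmed as intentionally unchecked. `SafeStringValue` raises SecurityError for a tainted string only when the safe level is above 0, so a regression test that passes a tainted string at `$SAFE = 1` and expects the error before any system call is made would pin the behaviour. The ordering is right as written: the check precedes `rb_str_modify(v)` and the `StringValueCStr(v)` pointer conversion.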

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
