ruby-changes:49234
From: nobu <ko1@a...>
Date: Wed, 20 Dec 2017 13:18:37 +0900 (JST)
Subject: [ruby-changes:49234] nobu:r61349 (trunk): Fixed command Injection
nobu 2017-12-20 13:18:31 +0900 (Wed, 20 Dec 2017) New Revision: 61349 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=61349 Log: Fixed command Injection * resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential command Injection in Hosts::new() by use of Kernel#open. [Fix GH-1777] [ruby-core:84347] [Bug #14205] From: Drigg3r <drigg3r@y...> Modified files: trunk/lib/resolv.rb Index: lib/resolv.rb =================================================================== --- lib/resolv.rb (revision 61348) +++ lib/resolv.rb (revision 61349) @@ -188,7 +188,7 @@ class Resolv https://github.com/ruby/ruby/blob/trunk/lib/resolv.rb#L188 unless @initialized @name2addr = {} @addr2name = {} - open(@filename, 'rb') {|f| + File.open(@filename, 'rb') {|f| f.each {|line| line.sub!(/#.*/, '') addr, hostname, *aliases = line.split(/\s+/) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
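Review bot: No regression test accompanies the one-line change in Resolv::Hosts#lazy_initialize; "Modified files" lists only trunk/lib/resolv.rb. Kernel#open treats a name beginning with `|` as a command to run, whereas `File.open(@filename, 'rb')` only ever treats it as a path. A test should construct Resolv::Hosts with a filename that starts with `|` and assert that initialization fails with a file error and starts no subprocess. That would catch a later refactor that reverts to bare `open`. Only this call site is visible in the hunk, so it is also worth checking the rest of lib/resolv.rb for other bare `open` calls on caller-supplied names, and stating in the Hosts::new documentation that the argument is a file path only.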