ruby-changes:52407
From: nagachika <ko1@a...>
Date: Sun, 2 Sep 2018 20:20:39 +0900 (JST)
Subject: [ruby-changes:52407] nagachika:r64616 (ruby_2_5): merge revision(s) 64071: [Backport #14941]
nagachika 2018-09-02 20:20:33 +0900 (Sun, 02 Sep 2018) New Revision: 64616 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=64616 Log: merge revision(s) 64071: [Backport #14941] ruby.c: taint ARGV on Windows * ruby.c (external_str_new_cstr): strings come from the external should be tainted. [ruby-dev:50596] [Bug #14941] Modified directories: branches/ruby_2_5/ Modified files: branches/ruby_2_5/ruby.c branches/ruby_2_5/test/ruby/test_rubyoptions.rb branches/ruby_2_5/version.h Index: ruby_2_5/ruby.c =================================================================== --- ruby_2_5/ruby.c (revision 64615) +++ ruby_2_5/ruby.c (revision 64616) @@ -2112,7 +2112,9 @@ external_str_new_cstr(const char *p) https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ruby.c#L2112 { #if UTF8_PATH VALUE str = rb_utf8_str_new_cstr(p); - return str_conv_enc(str, NULL, rb_default_external_encoding()); + str = str_conv_enc(str, NULL, rb_default_external_encoding()); + OBJ_TAINT_RAW(str); + return str; #else return rb_external_str_new_cstr(p); #endif Index: ruby_2_5/version.h =================================================================== --- ruby_2_5/version.h (revision 64615) +++ ruby_2_5/version.h (revision 64616) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/version.h#L1 #define RUBY_VERSION "2.5.2" #define RUBY_RELEASE_DATE "2018-09-02" -#define RUBY_PATCHLEVEL 87 +#define RUBY_PATCHLEVEL 88 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 9 Index: ruby_2_5/test/ruby/test_rubyoptions.rb =================================================================== --- ruby_2_5/test/ruby/test_rubyoptions.rb (revision 64615) +++ ruby_2_5/test/ruby/test_rubyoptions.rb (revision 64616) @@ -983,4 +983,11 @@ class TestRubyOptions < Test::Unit::Test https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/ruby/test_rubyoptions.rb#L983 end end end + + def test_argv_tainted + assert_separately(%w[- arg], "#{<<~"begin;"}\n#{<<~'end;'}") + begin; + assert_predicate(ARGV[0], :tainted?, '[ruby-dev:50596] [Bug #14941]') + end; + end end Index: ruby_2_5 =================================================================== --- ruby_2_5 (revision 64615) +++ ruby_2_5 (revision 64616) Property changes on: ruby_2_5 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r64071 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/