diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-10-23 15:41:17 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-10-23 15:41:17 +0000 |
commit | 3b6dac4e1dc5e24d641353637a2962b58f3a7b6c (patch) | |
tree | 16754d090b3d6bd9d7be4142b4f164b1a3d69500 | |
parent | 359ba4eb05089b89c0b5ef14ab8e928f370a536f (diff) |
* eval.c (rb_load, search_required, rb_require_safe, rb_require): use
frozen shared string to avoid outside modification. [ruby-dev:24580]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7106 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | eval.c | 10 | ||||
-rw-r--r-- | file.c | 8 |
3 files changed, 21 insertions, 4 deletions
@@ -1,3 +1,8 @@ +Sun Oct 24 00:41:09 2004 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * eval.c (rb_load, search_required, rb_require_safe, rb_require): use + frozen shared string to avoid outside modification. [ruby-dev:24580] + Sat Oct 23 00:20:55 2004 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/zlib/zlib.c (zstream_run): always use zstream_append_input() @@ -10,7 +15,7 @@ Fri Oct 22 12:02:28 2004 Yukihiro Matsumoto <matz@ruby-lang.org> Fri Oct 22 10:36:37 2004 GOTOU Yuuzou <gotoyuzo@notwork.org> - * lib/webrick/httprequest.rb (WEBrick::HTTPRequest#meta_vars): + * lib/webrick/httprequest.rb (WEBrick::HTTPRequest#meta_vars): should check if path_info is not nil. Fri Oct 22 00:22:31 2004 Yukihiro Matsumoto <matz@ruby-lang.org> @@ -6444,6 +6444,7 @@ rb_load(fname, wrap) else { SafeStringValue(fname); } + fname = rb_str_new4(fname); tmp = rb_find_file(fname); if (!tmp) { load_failed(fname); @@ -6696,7 +6697,7 @@ search_required(fname, featurep, path) char *ext, *ftptr; int type; - *featurep = fname = rb_str_new4(fname); + *featurep = fname; *path = 0; ext = strrchr(ftptr = RSTRING(fname)->ptr, '.'); if (ext && !strchr(ext, '/')) { @@ -6710,6 +6711,7 @@ search_required(fname, featurep, path) tmp = rb_str_new(RSTRING(fname)->ptr, ext-RSTRING(fname)->ptr); *featurep = tmp; #ifdef DLEXT2 + OBJ_FREEZE(tmp); if (rb_find_file_ext(&tmp, loadable_ext+1)) { *featurep = tmp; *path = rb_find_file(tmp); @@ -6717,6 +6719,7 @@ search_required(fname, featurep, path) } #else rb_str_cat2(tmp, DLEXT); + OBJ_FREEZE(tmp); if (*path = rb_find_file(tmp)) { return 's'; } @@ -6771,6 +6774,7 @@ rb_require_safe(fname, safe) rb_check_safe_obj(fname); } StringValue(fname); + fname = rb_str_new4(fname); saved.vmode = scope_vmode; saved.node = ruby_current_node; saved.func = ruby_frame->last_func; @@ -6841,7 +6845,9 @@ VALUE rb_require(fname) const char *fname; { - return rb_require_safe(rb_str_new2(fname), ruby_safe_level); + VALUE fn = rb_str_new2(fname); + OBJ_FREEZE(fn); + return rb_require_safe(fn, ruby_safe_level); } static void @@ -3936,6 +3936,7 @@ rb_find_file_ext(filep, ext) if (rb_safe_level() >= 2 && OBJ_TAINTED(fname)) { rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } + OBJ_FREEZE(fname); f = StringValueCStr(fname); *filep = fname; } @@ -3944,6 +3945,7 @@ rb_find_file_ext(filep, ext) for (i=0; ext[i]; i++) { fname = rb_str_dup(*filep); rb_str_cat2(fname, ext[i]); + OBJ_FREEZE(fname); if (file_load_ok(StringValueCStr(fname))) { *filep = fname; return i+1; @@ -3964,6 +3966,7 @@ rb_find_file_ext(filep, ext) for (j=0; ext[j]; j++) { fname = rb_str_dup(*filep); rb_str_cat2(fname, ext[j]); + OBJ_FREEZE(fname); found = dln_find_file(StringValueCStr(fname), path); if (found && file_load_ok(found)) { *filep = fname; @@ -3987,6 +3990,7 @@ rb_find_file(path) if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) { rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); } + OBJ_FREEZE(path); f = StringValueCStr(path); } @@ -4045,7 +4049,9 @@ rb_find_file(path) rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } if (file_load_ok(f)) { - return rb_str_new2(f); + tmp = rb_str_new2(f); + OBJ_FREEZE(tmp); + return tmp; } return 0; } |