merge revision(s) 17872:

	* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
	* ext/dl/dl.c (rb_ary_to_ptr): ditto.
	* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as
	  well.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@18477 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

4 files changed, 25 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index 9494789330..e66e3057b7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,15 @@ Mon Aug  4 13:39:53 2008  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 Mon Aug  4 12:25:08 2008  NAKAMURA Usaku  <usa@ruby-lang.org>
 
 	* numeric.c (check_uint, rb_num2uint, rb_fix2uint): fixed wrong check
+Mon Aug 11 09:34:52 2008  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
+
+	* ext/dl/dl.c (rb_ary_to_ptr): ditto.
+
+	* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as
+	  well.
+
 	  about 64bit positive value.
 Mon Aug  4 12:25:08 2008  NAKAMURA Usaku  <usa@ruby-lang.org>
 
diff --git a/ext/dl/dl.c b/ext/dl/dl.c
index 5ba3646ea3..88e954c668 100644
--- a/ext/dl/dl.c
+++ b/ext/dl/dl.c
@@ -522,12 +522,15 @@ rb_str_to_ptr(VALUE self)
 {
   char *ptr;
   int  len;
+  VALUE p;
 
   len = RSTRING(self)->len;
   ptr = (char*)dlmalloc(len + 1);
   memcpy(ptr, RSTRING(self)->ptr, len);
   ptr[len] = '\0';
-  return rb_dlptr_new((void*)ptr,len,dlfree);
+  p = rb_dlptr_new((void*)ptr,len,dlfree);
+  OBJ_INFECT(p, self);
+  return p;
 }
 
 VALUE
@@ -545,7 +548,12 @@ rb_ary_to_ptr(int argc, VALUE argv[], VALUE self)
     ptr = rb_ary2cary(0, self, &size);
     break;
   }
-  return ptr ? rb_dlptr_new(ptr, size, dlfree) : Qnil;
+  if (ptr) {
+      VALUE p = rb_dlptr_new(ptr, size, dlfree);
+      OBJ_INFECT(p, self);
+      return p;
+  }
+  return Qnil;
 }
 
 VALUE
@@ -563,7 +571,7 @@ rb_io_to_ptr(VALUE self)
 VALUE
 rb_dl_dlopen(int argc, VALUE argv[], VALUE self)
 {
-  rb_secure(4);
+  rb_secure(2);
   return rb_class_new_instance(argc, argv, rb_cDLHandle);
 }
 
diff --git a/ext/dl/sym.c b/ext/dl/sym.c
index 01e0474f58..933fb7f4f0 100644
--- a/ext/dl/sym.c
+++ b/ext/dl/sym.c
@@ -492,6 +492,7 @@ rb_dlsym_call(int argc, VALUE argv[], VALUE self)
 	      rb_raise(rb_eDLTypeError, "unexpected type of argument #%d", i);
 	    }
 	  }
+	  rb_check_safe_obj(pval);
 	  Data_Get_Struct(pval, struct ptr_data, data);
 	  ANY2P(args[i]) = DLVOIDP(data->ptr);
 	}
diff --git a/version.h b/version.h
index ca042ca4f5..88ddd679ae 100644
--- a/version.h
+++ b/version.h
@@ -1,15 +1,15 @@
 #define RUBY_VERSION "1.8.6"
-#define RUBY_RELEASE_DATE "2008-08-08"
+#define RUBY_RELEASE_DATE "2008-08-11"
 #define RUBY_VERSION_CODE 186
-#define RUBY_RELEASE_CODE 20080808
-#define RUBY_PATCHLEVEL 286
+#define RUBY_RELEASE_CODE 20080811
+#define RUBY_PATCHLEVEL 287
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
 #define RUBY_VERSION_TEENY 6
 #define RUBY_RELEASE_YEAR 2008
 #define RUBY_RELEASE_MONTH 8
-#define RUBY_RELEASE_DAY 8
+#define RUBY_RELEASE_DAY 11
 
 #ifdef RUBY_EXTERN
 RUBY_EXTERN const char ruby_version[];