diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-09-02 11:20:33 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-09-02 11:20:33 +0000 |
commit | e20d3698d766a4af5483d6f719db988ae2ba8e74 (patch) | |
tree | 4ebad156ee31e9ff646ce02dac6021a0f7f2e3c8 | |
parent | 8d50ddda39e157c3037f8893454dc31f507e9f2e (diff) |
merge revision(s) 64071: [Backport #14941]
ruby.c: taint ARGV on Windows
* ruby.c (external_str_new_cstr): strings come from the external
should be tainted. [ruby-dev:50596] [Bug #14941]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@64616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ruby.c | 4 | ||||
-rw-r--r-- | test/ruby/test_rubyoptions.rb | 7 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 11 insertions, 2 deletions
@@ -2112,7 +2112,9 @@ external_str_new_cstr(const char *p) { #if UTF8_PATH VALUE str = rb_utf8_str_new_cstr(p); - return str_conv_enc(str, NULL, rb_default_external_encoding()); + str = str_conv_enc(str, NULL, rb_default_external_encoding()); + OBJ_TAINT_RAW(str); + return str; #else return rb_external_str_new_cstr(p); #endif diff --git a/test/ruby/test_rubyoptions.rb b/test/ruby/test_rubyoptions.rb index 083dcec027..da8f4e0fa7 100644 --- a/test/ruby/test_rubyoptions.rb +++ b/test/ruby/test_rubyoptions.rb @@ -983,4 +983,11 @@ class TestRubyOptions < Test::Unit::TestCase end end end + + def test_argv_tainted + assert_separately(%w[- arg], "#{<<~"begin;"}\n#{<<~'end;'}") + begin; + assert_predicate(ARGV[0], :tainted?, '[ruby-dev:50596] [Bug #14941]') + end; + end end @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.5.2" #define RUBY_RELEASE_DATE "2018-09-02" -#define RUBY_PATCHLEVEL 87 +#define RUBY_PATCHLEVEL 88 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 9 |