summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-08-03 09:15:09 +0000
committermatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-08-03 09:15:09 +0000
commit0f1c1ecbd89de6dfc4133c625c2ed234f50b19f5 (patch)
tree3acf79a65b12354eb5ea1bc12d23ecdf30553fb7
parent0fe4c1decbd71c2aa5f09aa84f7b46e4394b8593 (diff)
* thread.c (recursive_push): untrust internal hash to prevent
unexpected SecurityError. a patch from Kazuhiro NISHIYAMA. Fix: #1864 [ruby-dev:38982] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24371 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog6
-rw-r--r--thread.c2
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 4222376f2f0..468ecd83339 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Mon Aug 3 18:12:54 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * thread.c (recursive_push): untrust internal hash to prevent
+ unexpected SecurityError. a patch from Kazuhiro NISHIYAMA.
+ Fix: #1864 [ruby-dev:38982]
+
Mon Aug 3 17:06:05 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* lib/README: updated. a patch from Daniel Bovensiepen.
diff --git a/thread.c b/thread.c
index c6f9cea24fb..3870fc19abc 100644
--- a/thread.c
+++ b/thread.c
@@ -3362,6 +3362,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj)
}
if (NIL_P(list) || TYPE(list) != T_HASH) {
list = rb_hash_new();
+ OBJ_UNTRUST(list);
rb_hash_aset(hash, sym, list);
}
if (!paired_obj) {
@@ -3374,6 +3375,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj)
if (TYPE(pair_list) != T_HASH){
VALUE other_paired_obj = pair_list;
pair_list = rb_hash_new();
+ OBJ_UNTRUST(pair_list);
rb_hash_aset(pair_list, other_paired_obj, Qtrue);
rb_hash_aset(list, obj, pair_list);
}