* thread.c (recursive_push): untrust internal hash to prevent

  unexpected SecurityError.  a patch from Kazuhiro NISHIYAMA.
  Fix: #1864  [ruby-dev:38982]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24371 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 8 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 4222376f2f..468ecd8333 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Mon Aug  3 18:12:54 2009  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* thread.c (recursive_push): untrust internal hash to prevent
+	  unexpected SecurityError.  a patch from Kazuhiro NISHIYAMA.
+	  Fix: #1864  [ruby-dev:38982]
+
 Mon Aug  3 17:06:05 2009  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* lib/README: updated.  a patch from Daniel Bovensiepen.
diff --git a/thread.c b/thread.c
index c6f9cea24f..3870fc19ab 100644
--- a/thread.c
+++ b/thread.c
@@ -3362,6 +3362,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj)
     }
     if (NIL_P(list) || TYPE(list) != T_HASH) {
 	list = rb_hash_new();
+	OBJ_UNTRUST(list);
 	rb_hash_aset(hash, sym, list);
     }
     if (!paired_obj) {
@@ -3374,6 +3375,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj)
 	if (TYPE(pair_list) != T_HASH){
 	    VALUE other_paired_obj = pair_list;
 	    pair_list = rb_hash_new();
+	    OBJ_UNTRUST(pair_list);
 	    rb_hash_aset(pair_list, other_paired_obj, Qtrue);
 	    rb_hash_aset(list, obj, pair_list);
 	}