authorknu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2010-01-10 18:07:50 +0000
committerknu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2010-01-10 18:07:50 +0000
commit386c4b9d00181dd587495fb16013f0a1620af5ab (patch)
treed556b07148e6ad8b4d07dd33d4536b4c966c3092
parent467f377161cc9e301134711f8cd617ba28ace440 (diff)
* eval.c (recursive_push): Taint internal hash to prevent
unexpected SecurityError; fixes #1864. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@26277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog5
-rw-r--r--eval.c2
2 files changed, 7 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 70dd18e510..d81852e7e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Mon Jan 11 03:04:12 2010 Akinori MUSHA <knu@iDaemons.org>
+
+ * eval.c (recursive_push): Taint internal hash to prevent
+ unexpected SecurityError; fixes #1864.
+
Sun Jan 10 17:25:24 2010 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/webrick/accesslog.rb : Escape needed.
diff --git a/eval.c b/eval.c
index a56eb80ed7..c691485689 100644
--- a/eval.c
+++ b/eval.c
@@ -13853,6 +13853,7 @@ recursive_push(hash, obj)
sym = ID2SYM(rb_frame_last_func());
if (NIL_P(hash) || TYPE(hash) != T_HASH) {
hash = rb_hash_new();
+ OBJ_TAINT(hash);
rb_thread_local_aset(rb_thread_current(), recursive_key, hash);
list = Qnil;
}
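Review bot: The added `OBJ_TAINT(hash);` (and `OBJ_TAINT(list);` in the second hunk) carries no comment, and tainting a freshly created internal table reads like a mistake to anyone who does not know bug #1864. I would put a comment above each call, e.g. `/* taint so a later rb_hash_aset() on this internal table is not rejected with SecurityError at a restricted safe level */`, wording to be confirmed against the bug report. The commit touches only ChangeLog and eval.c, so no regression test accompanies the fix; a test that drives a method going through recursive_push from code running at the restricted safe level would pin the behaviour. recursive_push begins before this hunk and continues past it.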
@@ -13861,6 +13862,7 @@ recursive_push(hash, obj)
}
if (NIL_P(list) || TYPE(list) != T_HASH) {
list = rb_hash_new();
+ OBJ_TAINT(list);
rb_hash_aset(hash, sym, list);
}
rb_hash_aset(list, obj, Qtrue);
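Review bot: The taint is set only on the creation branch, so a `list` (or `hash` in the first hunk) that already exists and passes the `TYPE(...) != T_HASH` check reaches `rb_hash_aset(list, obj, Qtrue);` with whatever taint state it had. The outer table lives in a thread-local slot written with `rb_thread_local_aset`; whether anything else can populate or replace that slot is not visible here, but if it can, an untainted table would bring the SecurityError back. Moving the call below the closing brace, so `OBJ_TAINT(list);` runs on both paths, would close that gap; whether marking a pre-existing table is acceptable needs confirming against the rest of the function, which lies outside the hunk.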