merge revision(s) 64071: [Backport #14941]

	ruby.c: taint ARGV on Windows

	* ruby.c (external_str_new_cstr): strings come from the external
	  should be tainted.  [ruby-dev:50596] [Bug #14941]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@64616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 11 insertions, 2 deletions

diff --git a/ruby.c b/ruby.c
index 452d0a0e3c..e3271f99c2 100644
--- a/ruby.c
+++ b/ruby.c
@@ -2112,7 +2112,9 @@ external_str_new_cstr(const char *p)
 {
 #if UTF8_PATH
     VALUE str = rb_utf8_str_new_cstr(p);
-    return str_conv_enc(str, NULL, rb_default_external_encoding());
+    str = str_conv_enc(str, NULL, rb_default_external_encoding());
+    OBJ_TAINT_RAW(str);
+    return str;
 #else
     return rb_external_str_new_cstr(p);
 #endif
diff --git a/test/ruby/test_rubyoptions.rb b/test/ruby/test_rubyoptions.rb
index 083dcec027..da8f4e0fa7 100644
--- a/test/ruby/test_rubyoptions.rb
+++ b/test/ruby/test_rubyoptions.rb
@@ -983,4 +983,11 @@ class TestRubyOptions < Test::Unit::TestCase
       end
     end
   end
+
+  def test_argv_tainted
+    assert_separately(%w[- arg], "#{<<~"begin;"}\n#{<<~'end;'}")
+    begin;
+      assert_predicate(ARGV[0], :tainted?, '[ruby-dev:50596] [Bug #14941]')
+    end;
+  end
 end
diff --git a/version.h b/version.h
index 9d0ff2d780..7593828002 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.5.2"
 #define RUBY_RELEASE_DATE "2018-09-02"
-#define RUBY_PATCHLEVEL 87
+#define RUBY_PATCHLEVEL 88
 
 #define RUBY_RELEASE_YEAR 2018
 #define RUBY_RELEASE_MONTH 9