diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2014-09-10 02:42:11 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2014-09-10 02:42:11 +0000 |
commit | 5483a6b8fe8c0c8fa0e270d47867928f314d9a19 (patch) | |
tree | d9aaad70f59b901852f1508c6b590f79538acf35 /hash.c | |
parent | 7fdb955c36db70a17fbd46ad1f9c5f3d156682b2 (diff) |
merge revision(s) 46547: [Backport #9976]
* hash.c (env_aset, env_has_key, env_assoc, env_has_value),
(env_rassoc, env_key): prohibit tainted strings if $SAFE is
non-zero. [Bug #9976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@47492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'hash.c')
-rw-r--r-- | hash.c | 14 |
1 files changed, 9 insertions, 5 deletions
@@ -2547,8 +2547,8 @@ env_aset(VALUE obj, VALUE nm, VALUE val) env_delete(obj, nm); return Qnil; } - StringValue(nm); - StringValue(val); + SafeStringValue(nm); + SafeStringValue(val); name = RSTRING_PTR(nm); value = RSTRING_PTR(val); if (memchr(name, '\0', RSTRING_LEN(nm))) @@ -3048,7 +3048,8 @@ env_has_key(VALUE env, VALUE key) char *s; rb_secure(4); - s = StringValuePtr(key); + SafeStringValue(key); + s = RSTRING_PTR(key); if (memchr(s, '\0', RSTRING_LEN(key))) rb_raise(rb_eArgError, "bad environment variable name"); if (getenv(s)) return Qtrue; @@ -3068,7 +3069,8 @@ env_assoc(VALUE env, VALUE key) char *s, *e; rb_secure(4); - s = StringValuePtr(key); + SafeStringValue(key); + s = RSTRING_PTR(key); if (memchr(s, '\0', RSTRING_LEN(key))) rb_raise(rb_eArgError, "bad environment variable name"); e = getenv(s); @@ -3091,6 +3093,7 @@ env_has_value(VALUE dmy, VALUE obj) rb_secure(4); obj = rb_check_string_type(obj); if (NIL_P(obj)) return Qnil; + rb_check_safe_obj(obj); env = GET_ENVIRON(environ); while (*env) { char *s = strchr(*env, '='); @@ -3122,6 +3125,7 @@ env_rassoc(VALUE dmy, VALUE obj) rb_secure(4); obj = rb_check_string_type(obj); if (NIL_P(obj)) return Qnil; + rb_check_safe_obj(obj); env = GET_ENVIRON(environ); while (*env) { char *s = strchr(*env, '='); @@ -3153,7 +3157,7 @@ env_key(VALUE dmy, VALUE value) VALUE str; rb_secure(4); - StringValue(value); + SafeStringValue(value); env = GET_ENVIRON(environ); while (*env) { char *s = strchr(*env, '='); |