diff options
author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-07-02 10:14:05 +0000 |
---|---|---|
committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-07-02 10:14:05 +0000 |
commit | e3b9424dfa99b6027d6a7c370eaa62db369cef6d (patch) | |
tree | 825fd292e0fad5607cb35a184ce9dee5732e2700 /io.c | |
parent | 9450c64651968b16a90617876ae16a60a1e5008a (diff) |
* io.c (argf_inplace_mode_set): prohibits an assignment
of a tainted value. Patch by unak.
* util.c, file.c: prevents a buffer over-run on windows.
Patch by unak.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@28522 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'io.c')
-rw-r--r-- | io.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -8368,6 +8368,9 @@ opt_i_get(ID id, VALUE *var) static VALUE argf_inplace_mode_set(VALUE argf, VALUE val) { + if (rb_safe_level() >= 1 && OBJ_TAINTED(val)) + rb_raise(rb_eSecurityError, "Insecure operation - ARGF.inplace_mode="); + if (!RTEST(val)) { if (ARGF.inplace) free(ARGF.inplace); ARGF.inplace = 0; |