authoryugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2010-07-02 10:14:05 +0000
committeryugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2010-07-02 10:14:05 +0000
commite3b9424dfa99b6027d6a7c370eaa62db369cef6d (patch)
tree825fd292e0fad5607cb35a184ce9dee5732e2700 /io.c
parent9450c64651968b16a90617876ae16a60a1e5008a (diff)
* io.c (argf_inplace_mode_set): prohibits an assignment
of a tainted value. Patch by unak. * util.c, file.c: prevents a buffer over-run on windows. Patch by unak. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@28522 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'io.c')
-rw-r--r--io.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/io.c b/io.c
index 3f188ad531..ce6ce38896 100644
--- a/io.c
+++ b/io.c
@@ -8368,6 +8368,9 @@ opt_i_get(ID id, VALUE *var)
static VALUE
argf_inplace_mode_set(VALUE argf, VALUE val)
{
+ if (rb_safe_level() >= 1 && OBJ_TAINTED(val))
+ rb_raise(rb_eSecurityError, "Insecure operation - ARGF.inplace_mode=");
+
if (!RTEST(val)) {
if (ARGF.inplace) free(ARGF.inplace);
ARGF.inplace = 0;
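Review bot: The new guard at the top of argf_inplace_mode_set tests `OBJ_TAINTED(val)` on the argument as passed in, before any string conversion. The body continues past the end of this hunk, so this is inferred rather than visible: if the non-nil branch coerces `val` with `StringValue`, an untainted non-String whose `to_str` yields a tainted String would get past the check. Checking the converted value in that branch, for example with `SafeStringValue(val);`, would cover that case while keeping the early rejection here. The unbraced `if` would also read more safely with braces around the `rb_raise` call, and a short comment such as `/* $SAFE >= 1: refuse a tainted in-place suffix */` would record why the check exists.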