diff options
author | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2002-07-11 04:02:08 +0000 |
---|---|---|
committer | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2002-07-11 04:02:08 +0000 |
commit | da72e5a64442c9649689f347e2cc237ec3f41bf8 (patch) | |
tree | 2f4aa0191193ba23011de741fccd952f2908b13c /lib/resolv.rb | |
parent | daba1fcdc045b97e9fd61f0a978867f36f200d4e (diff) |
* lib/resolv.rb: untaint strings read from /etc/hosts and
/etc/resolv.conf to prevent SecurityError when $SAFE==1.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@2631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/resolv.rb')
-rw-r--r-- | lib/resolv.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/resolv.rb b/lib/resolv.rb index 83246a135d..6316909583 100644 --- a/lib/resolv.rb +++ b/lib/resolv.rb @@ -284,12 +284,15 @@ class Resolv line.sub!(/#.*/, '') addr, hostname, *aliases = line.split(/\s+/) next unless addr + addr.untaint + hostname.untaint @addr2name[addr] = [] unless @addr2name.include? addr @addr2name[addr] << hostname @addr2name[addr] += aliases @name2addr[hostname] = [] unless @name2addr.include? hostname @name2addr[hostname] << addr aliases.each {|n| + n.untaint @name2addr[n] = [] unless @name2addr.include? n @name2addr[n] << addr } @@ -689,6 +692,9 @@ class Resolv f.each {|line| line.sub!(/[#;].*/, '') keyword, *args = line.split(/\s+/) + args.each { |arg| + arg.untaint + } next unless keyword case keyword when 'nameserver' |