merges r21917, r21955 and r21974 from trunk into ruby_1_9_1.

* load.c (rb_require_safe): raises when the path to be loaded is tainted. [ruby-dev:37843] --- * file.c (rb_find_file_ext): should not be infected from other load paths. --- * adds a test case for r21955 and r21917. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@22500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2009-02-22 04:30:22 +0000
committer: yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2009-02-22 04:30:22 +0000
commit: abc40f03ef23ee760046577694b308b08c2f396a (patch)
tree: 98b4586c393be261dc7445c0445966d5de44774a /load.c
parent: cb2f0c9d14f84f3a587046e0cd949532b0304c5f (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/load.c b/load.c
index 8e66a75718..8e533771f1 100644
--- a/load.c
+++ b/load.c
@@ -554,13 +554,17 @@ rb_require_safe(VALUE fname, int safe)
 	rb_set_safe_level_force(safe);
 	FilePathValue(fname);
 	RB_GC_GUARD(fname) = rb_str_new4(fname);
+	rb_set_safe_level_force(0);
 	found = search_required(fname, &path);
 	if (found) {
 	    if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) {
 		result = Qfalse;
 	    }
 	    else {
-		rb_set_safe_level_force(0);
+		if (safe > 0 && OBJ_TAINTED(path)) {
+		    rb_raise(rb_eSecurityError, "cannot load from insecure path - %s",
+			     RSTRING_PTR(path));
+		}
 		switch (found) {
 		  case 'r':
 		    rb_load(path, 0);
author	yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2009-02-22 04:30:22 +0000
committer	yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2009-02-22 04:30:22 +0000
commit	abc40f03ef23ee760046577694b308b08c2f396a (patch)
tree	98b4586c393be261dc7445c0445966d5de44774a /load.c
parent	cb2f0c9d14f84f3a587046e0cd949532b0304c5f (diff)