* load.c (rb_require_safe): raises when the path to be loaded is

tainted. [ruby-dev:37843] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@21917 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2009-01-31 10:07:49 +0000
committer: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2009-01-31 10:07:49 +0000
commit: fa4f685ef7094810c2b3b71dbb8f4de42fbfc5ea (patch)
tree: 730debbd8d81a2218e9b0380c8547786978e6759 /load.c
parent: 62e7e47bdb6d5b4f13138bd3290ca3c40d3ddbab (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/load.c b/load.c
index 8e66a75718..8e533771f1 100644
--- a/load.c
+++ b/load.c
@@ -554,13 +554,17 @@ rb_require_safe(VALUE fname, int safe)
 	rb_set_safe_level_force(safe);
 	FilePathValue(fname);
 	RB_GC_GUARD(fname) = rb_str_new4(fname);
+	rb_set_safe_level_force(0);
 	found = search_required(fname, &path);
 	if (found) {
 	    if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) {
 		result = Qfalse;
 	    }
 	    else {
-		rb_set_safe_level_force(0);
+		if (safe > 0 && OBJ_TAINTED(path)) {
+		    rb_raise(rb_eSecurityError, "cannot load from insecure path - %s",
+			     RSTRING_PTR(path));
+		}
 		switch (found) {
 		  case 'r':
 		    rb_load(path, 0);
author	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2009-01-31 10:07:49 +0000
committer	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2009-01-31 10:07:49 +0000
commit	fa4f685ef7094810c2b3b71dbb8f4de42fbfc5ea (patch)
tree	730debbd8d81a2218e9b0380c8547786978e6759 /load.c
parent	62e7e47bdb6d5b4f13138bd3290ca3c40d3ddbab (diff)