diff options
-rw-r--r-- | .cvsignore | 15 | ||||
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | string.c | 3 |
3 files changed, 9 insertions, 13 deletions
diff --git a/.cvsignore b/.cvsignore index 9fd96ca149..242a9b1fb4 100644 --- a/.cvsignore +++ b/.cvsignore @@ -8,6 +8,7 @@ .ext .git .svn +.pc .rbconfig.time COPYING.LIB ChangeLog.pre-alpha @@ -26,32 +27,20 @@ config.h.in config.log config.status configure -foo.rb libruby.so.* miniruby -miniruby.elhash -miniruby.elhash2 -miniruby.orig2 -miniruby.plhash -miniruby.plhash2 -modex.rb newdate.rb newver.rb parse.c -parse.y.try -pitest.rb +patches ppack preview rbconfig.rb -rename2.h repack riscos rubicon ruby ruby-man.rd.gz -rubyunit -st.c.power -this that tmp web y.output @@ -1,3 +1,7 @@ +Wed Sep 13 16:43:36 2006 Yukihiro Matsumoto <matz@ruby-lang.org> + + * string.c (rb_str_intern): prohibit interning tainted string. + Wed Sep 13 01:14:21 2006 Nobuyoshi Nakada <nobu@ruby-lang.org> * lib/optparse.rb (OptionParser#getopts): works with pre-registered @@ -4404,6 +4404,9 @@ rb_str_intern(s) } if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len) rb_raise(rb_eArgError, "symbol string may not contain `\\0'"); + if (OBJ_TAINTED(str)) { + rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string"); + } id = rb_intern(RSTRING(str)->ptr); return ID2SYM(id); } |