2 files changed, 13 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 1de38d3638..9bacb40125 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Mon May 11 23:14:06 2009  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
+
+	* ext/dl/dl.c (rb_dlhandle_initialize): prohibits DL::dlopen
+	  with a tainted name of library.
+	  Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>.
+
+	* ext/dl/dl.c (rb_dlhandle_sym): ditto
+
 Mon May 11 22:33:46 2009  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
 
 	* ext/dl/lib/dl/func.rb (DL::Function#call): prevents
diff --git a/ext/dl/handle.c b/ext/dl/handle.c
index ee3c644985..d72f725fbb 100644
--- a/ext/dl/handle.c
+++ b/ext/dl/handle.c
@@ -5,6 +5,8 @@
 #include <ruby.h>
 #include "dl.h"
 
+#define SafeStringValuePtr(v) (rb_string_value(&v), rb_check_safe_obj(v), RSTRING_PTR(v))
+
 VALUE rb_cDLHandle;
 
 void
@@ -56,11 +58,11 @@ rb_dlhandle_initialize(int argc, VALUE argv[], VALUE self)
     cflag = RTLD_LAZY | RTLD_GLOBAL;
     break;
   case 1:
-    clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+    clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
     cflag = RTLD_LAZY | RTLD_GLOBAL;
     break;
   case 2:
-    clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+    clib = NIL_P(lib) ? NULL : SafeStringValuePtr(lib);
     cflag = NUM2INT(flag);
     break;
   default:
@@ -140,7 +142,7 @@ rb_dlhandle_sym(VALUE self, VALUE sym)
 
     rb_secure(2);
 
-    name = StringValuePtr(sym);
+    name = SafeStringValuePtr(sym);
 
     Data_Get_Struct(self, struct dl_handle, dlhandle);
     if( ! dlhandle->open ){