From a6d4e18284842ec93e91aed228392d51dd1ac966 Mon Sep 17 00:00:00 2001
From: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 20 May 2010 06:57:38 +0000
Subject: merge revision(s) 26277: 	* eval.c (recursive_push): Taint
 internal hash to prevent 	  unexpected SecurityError; fixes #1864.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@27914 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 5 +++++
 eval.c    | 2 ++
 version.h | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index e1e5baaa5b..33ed37b6e4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu May 20 15:54:08 2010  Akinori MUSHA  <knu@iDaemons.org>
+
+	* eval.c (recursive_push): Taint internal hash to prevent
+	  unexpected SecurityError; fixes #1864.
+
 Thu May 20 15:39:26 2010  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* io.c (io_fwrite): preserve errno.  [ruby-core:27425]
diff --git a/eval.c b/eval.c
index 55dbb8c254..a4f488f06b 100644
--- a/eval.c
+++ b/eval.c
@@ -13566,6 +13566,7 @@ recursive_push(hash, obj)
     sym = ID2SYM(rb_frame_last_func());
     if (NIL_P(hash) || TYPE(hash) != T_HASH) {
 	hash = rb_hash_new();
+	OBJ_TAINT(hash);
 	rb_thread_local_aset(rb_thread_current(), recursive_key, hash);
 	list = Qnil;
     }
@@ -13574,6 +13575,7 @@ recursive_push(hash, obj)
     }
     if (NIL_P(list) || TYPE(list) != T_HASH) {
 	list = rb_hash_new();
+	OBJ_TAINT(list);
 	rb_hash_aset(hash, sym, list);
     }
     rb_hash_aset(list, obj, Qtrue);
diff --git a/version.h b/version.h
index e37a14cec3..aa3fe66aff 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
 #define RUBY_RELEASE_DATE "2010-05-20"
 #define RUBY_VERSION_CODE 187
 #define RUBY_RELEASE_CODE 20100520
-#define RUBY_PATCHLEVEL 255
+#define RUBY_PATCHLEVEL 256
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
-- 
cgit v1.2.3