From 03022c9d9f686b87d66443eaf38fd7b0e7db5b69 Mon Sep 17 00:00:00 2001
From: shyouhei
Date: Fri, 18 Feb 2011 12:32:35 +0000
Subject: merge revision(s) 30903: * test/ruby/test_exception.rb (TestException::test_to_s_taintness_propagation): Test for below. * error.c (exc_to_s): untainted strings can be tainted via Exception#to_s, which enables attackers to overwrite sane strings. Reported by: Yusuke Endoh . * error.c (name_err_to_s): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@30911 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 error.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'error.c')
diff --git a/error.c b/error.c
index a991f55e57..59b445e915 100644
--- a/error.c
+++ b/error.c
@@ -403,7 +403,6 @@ exc_to_s(exc)
 VALUE mesg = rb_attr_get(exc, rb_intern("mesg"));
 if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
- if (OBJ_TAINTED(exc)) OBJ_TAINT(mesg);
 return mesg;
 }
@@ -667,10 +666,9 @@ name_err_to_s(exc)
 if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
 StringValue(str);
 if (str != mesg) {
- rb_iv_set(exc, "mesg", mesg = str);
+ OBJ_INFECT(str, mesg);
 }
- if (OBJ_TAINTED(exc)) OBJ_TAINT(mesg);
- return mesg;
+ return str;
 }
 /*
-- 
cgit v1.2.3
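Review bot: exc_to_s now ends in a bare `return mesg;` with nothing recording that the receiver's taint is deliberately not copied onto the message, so the removed line could later be reintroduced as an apparent omission. A comment above the return would pin the intent, for example `/* do not taint mesg: it may be a string the caller still holds untainted */`. The start of exc_to_s is outside the hunk, and the regression test named in the commit message is not part of this error.c-limited view, so its coverage cannot be checked here.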
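Review bot: `OBJ_INFECT(str, mesg);` in name_err_to_s still sets the taint flag on whatever object `StringValue(str)` produced, and nothing visible in the hunk guarantees that object is freshly allocated. If the conversion can hand back an existing string, a tainted `mesg` would taint a string owned elsewhere, which is the same class of problem this commit closes in exc_to_s. Consider infecting a private copy, `str = rb_str_dup(str); OBJ_INFECT(str, mesg);`, or add a comment stating why the converted string is always new. Dropping `rb_iv_set` also means the conversion is repeated on each call instead of being cached; that looks intentional but deserves a one-line comment, and the function's declarations are outside the hunk.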