From c2ce9eb9d88593870f68f5476ecc20cff99669db Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 25 Jul 2019 23:11:57 +0000
Subject: merge revision(s) a15f7dd1fb1148c3d586238ee6907875f2e40379: [Backport
 #15803]

	Always mark the string returned by File.realpath as tainted

	This string can include elements that were not in either string
	passed to File.realpath, even if one of the strings is an
	absolute path, due to symlinks:

	```ruby
	Dir.mkdir('b') unless File.directory?('b')
	File.write('b/a', '') unless File.file?('b/a')
	File.symlink('b', 'c') unless File.symlink?('c')
	path = File.realpath('c/a'.untaint, Dir.pwd.untaint)
	path # "/home/testr/ruby/b/a"
	path.tainted? # should be true, as 'b' comes from file system
	```

	[Bug #15803]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67713 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'file.c')

diff --git a/file.c b/file.c
index fa420c6921..6721d9b406 100644
--- a/file.c
+++ b/file.c
@@ -4152,7 +4152,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode
 	}
     }
 
-    OBJ_INFECT(resolved, unresolved_path);
+    rb_obj_taint(resolved);
     RB_GC_GUARD(unresolved_path);
     RB_GC_GUARD(curdir);
     return resolved;
-- 
cgit v1.2.3