From a0cc731f586023953fb69aacfbedd0350ced98f6 Mon Sep 17 00:00:00 2001
From: matz
Date: Wed, 13 Sep 2006 07:49:54 +0000
Subject: * string.c (rb_str_intern): prohibit interning tainted string.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'string.c')
diff --git a/string.c b/string.c
index 83ac1e486c..681614b133 100644
--- a/string.c
+++ b/string.c
@@ -4404,6 +4404,9 @@ rb_str_intern(s)
 }
 if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len)
 rb_raise(rb_eArgError, "symbol string may not contain `\\0'");
+ if (OBJ_TAINTED(str)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
+ }
 id = rb_intern(RSTRING(str)->ptr);
 return ID2SYM(id);
 }
-- cgit v1.2.3
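Review bot: The added `OBJ_TAINTED(str)` test in rb_str_intern raises at every safe level, since nothing in the hunk consults the safe level, so any caller that interns a string derived from external input now gets a SecurityError even when running unrestricted. If that is intended, a comment should record the reason, for example `/* interned symbols are never reclaimed, so untrusted input must not be able to grow the symbol table */` (my reading of the motive; the commit message does not state it). If it is not intended, the condition could be narrowed to `if (OBJ_TAINTED(str) && rb_safe_level() >= 1) {`. The guard covers only this entry point; other paths that hand string data to `rb_intern` lie outside the hunk and would need the same review, as does the start of this function's body.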