merges r21917, r21955 and r21974 from trunk into ruby_1_9_1.
* load.c (rb_require_safe): raises when the path to be loaded is tainted. [ruby-dev:37843] --- * file.c (rb_find_file_ext): should not be infected from other load paths. --- * adds a test case for r21955 and r21917. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@22500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parent
cb2f0c9d14
commit
abc40f03ef
4 changed files with 62 additions and 1 deletions
6
load.c
6
load.c
|
@ -554,13 +554,17 @@ rb_require_safe(VALUE fname, int safe)
|
|||
rb_set_safe_level_force(safe);
|
||||
FilePathValue(fname);
|
||||
RB_GC_GUARD(fname) = rb_str_new4(fname);
|
||||
rb_set_safe_level_force(0);
|
||||
found = search_required(fname, &path);
|
||||
if (found) {
|
||||
if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) {
|
||||
result = Qfalse;
|
||||
}
|
||||
else {
|
||||
rb_set_safe_level_force(0);
|
||||
if (safe > 0 && OBJ_TAINTED(path)) {
|
||||
rb_raise(rb_eSecurityError, "cannot load from insecure path - %s",
|
||||
RSTRING_PTR(path));
|
||||
}
|
||||
switch (found) {
|
||||
case 'r':
|
||||
rb_load(path, 0);
|
||||
|
|
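Review bot: The new `OBJ_TAINTED(path)` check raises only after `load_lock(RSTRING_PTR(path))` has succeeded, so the `SecurityError` path relies on unwinding code outside this hunk to release that lock; if that cleanup is not guaranteed, a rejected require could leave the feature marked as being loaded. Consider testing before the lock is taken, e.g. `if (path && safe > 0 && OBJ_TAINTED(path)) rb_raise(rb_eSecurityError, "cannot load from insecure path - %s", RSTRING_PTR(path));` placed ahead of the `load_lock` condition. Because the safe level is forced to 0 before `search_required` runs, this check appears to be the only enforcement of the caller's `safe` level on the resolved path, which deserves a comment such as `/* safe level is 0 from here on; apply the caller's level to the resolved path */`. The body of rb_require_safe begins and ends outside the hunk.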