author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-10-30 08:42:21 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-10-30 08:42:21 +0000 |
commit | 3ee749b1736ca72ba20fc30f759fa119a750a4c6 (patch) | |
tree | d75571b4eae4fcfdca76de46afdc66dc8832cbf5 | |
parent | 35b21a12c03765244d32b6400a100124f35df091 (diff) |
* eval.c (rb_f_eval): can't modify untainted binding.
* regex.c (re_compile_pattern): should preverve p0 value.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1802 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | eval.c | 3 | ||||
-rw-r--r-- | regex.c | 14 | ||||
-rw-r--r-- | version.h | 4 |
4 files changed, 22 insertions, 7 deletions
@@ -1,3 +1,11 @@ +Tue Oct 30 14:04:04 2001 Yukihiro Matsumoto <[email protected]> + + * eval.c (rb_f_eval): can't modify untainted binding. + +Mon Oct 29 16:08:30 2001 Yukihiro Matsumoto <[email protected]> + + * regex.c (re_compile_pattern): should preverve p0 value. + Mon Oct 29 07:57:31 2001 Yukihiro Matsumoto <[email protected]> * parse.y (str_extend): shuould allow interpolation of $-x. @@ -4961,6 +4961,9 @@ rb_f_eval(argc, argv, self) if (ruby_safe_level >= 4) { Check_Type(src, T_STRING); + if (!NIL_P(scope) && !OBJ_TAINTED(scope)) { + rb_raise(rb_eSecurityError, "Insecure: can't modify trusted binding"); + } } else { Check_SafeStr(src); @@ -1544,11 +1544,15 @@ re_compile_pattern(pattern, size, bufp) case 'M': case 'C': case 'c': - p0 = --p; - c = read_special(p, pend, &p0); - if (c > 255) goto invalid_escape; - p = p0; - had_num_literal = 1; + { + char *pp; + + --p; + c = read_special(p, pend, &pp); + if (c > 255) goto invalid_escape; + p = pp; + had_num_literal = 1; + } break; default: @@ -1,4 +1,4 @@ #define RUBY_VERSION "1.6.5" -#define RUBY_RELEASE_DATE "2001-10-29" +#define RUBY_RELEASE_DATE "2001-10-30" #define RUBY_VERSION_CODE 165 -#define RUBY_RELEASE_CODE 20011029 +#define RUBY_RELEASE_CODE 20011030 |
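Review bot: The new guard in the `ruby_safe_level >= 4` branch of rb_f_eval carries no comment explaining why an untainted binding is refused, and its message says "trusted binding" while the commit log says "untainted binding". This branch checks the source only with `Check_Type(src, T_STRING)`, not `Check_SafeStr(src)`, so the binding's taint flag appears to be the only thing keeping sandboxed source out of a scope created by trusted code. I would add `/* level 4 accepts tainted source; never evaluate it in a binding created by trusted code */` above the check and use one term in both the message and the log. Whether other entry points that accept a binding apply the same guard cannot be seen from this hunk, and rb_f_eval's body starts and ends outside it.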
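Review bot: In the `case 'M':` / `case 'C':` / `case 'c':` arm of re_compile_pattern, `pp` is declared without an initializer and copied into `p` whenever `c <= 255`. The pattern cursor is therefore only well-defined if read_special() stores through its third argument on every path that returns such a value. read_special() and the declaration of `c` are outside this hunk; if `c` were a signed int, a negative error return would pass the `c > 255` test and `p = pp` would read an indeterminate pointer into caller-supplied pattern data. Declaring it as `const char *pp = p;` gives the cursor a defined fallback; keep the `const` only if `p` and read_special's parameter are const-qualified, which is not visible here. re_compile_pattern's body starts and ends outside the hunk.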