authorshugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-11-19 13:38:35 +0000
committershugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2009-11-19 13:38:35 +0000
commitc20c7f1e2e06da1cf7feaa5b92f11028f32c9120 (patch)
tree8b1017b9bb13289b9078fc3a295f1049da4678d0 /lib/net
parentcdcdabfc495b7db2891cf72241194d29e4683aab (diff)
* lib/net/imap.rb (flag_list): untaint strings to intern in the safe
level 1. * lib/net/imap.rb (max_flag_count=): new methods to set the max number of flags interned to symbols. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@25858 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/net')
-rw-r--r--lib/net/imap.rb34
1 files changed, 33 insertions, 1 deletions
diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index b42b0d1dea..79ed4b4981 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -269,6 +269,16 @@ module Net
return @@debug = val
end
+ # Returns the max number of flags interned to symbols.
+ def self.max_flag_count
+ return @@max_flag_count
+ end
+
+ # Sets the max number of flags interned to symbols.
+ def self.max_flag_count=(count)
+ @@max_flag_count = count
+ end
+
# Adds an authenticator for Net::IMAP#authenticate. +auth_type+
# is the type of authentication this authenticator supports
# (for instance, "LOGIN"). The +authenticator+ is an object
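Review bot: `self.max_flag_count=` stores whatever it is given, so a `nil` or non-numeric value only surfaces later as a comparison error inside `flag_list`, and a very large value silently disables the cap. A guard in the setter such as `raise ArgumentError, "max_flag_count must be a positive Integer" unless count.is_a?(Integer) && count > 0` would fail at the point of misconfiguration. The two comments could also say why the limit exists and what the default is, e.g. `# Flag names come from the server and are interned; symbols are never reclaimed in 1.8, so the count is capped (default 10000).`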
@@ -858,6 +868,7 @@ module Net
@@debug = false
@@authenticators = {}
+ @@max_flag_count = 10000
# Creates a new Net::IMAP object and connects it to the specified
# +port+ (143 by default) on the named +host+. If +usessl+ is true,
@@ -1868,6 +1879,14 @@ module Net
end
class ResponseParser # :nodoc:
+ def initialize
+ @str = nil
+ @pos = nil
+ @lex_state = nil
+ @token = nil
+ @flag_symbols = {}
+ end
+
def parse(str)
@str = str
@pos = 0
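Review bot: `@flag_symbols` is an instance variable, so the count is kept per ResponseParser, while the symbol table it is meant to protect is process-wide. If each Net::IMAP connection creates its own parser (not visible in this hunk), the effective ceiling is `max_flag_count` multiplied by the number of connections, and flags already interned by another parser are counted again. A comment on the field would make that explicit, e.g. `# flags interned by this parser; the limit applies per parser, not per process`. The body of `parse` continues outside the hunk.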
@@ -2878,7 +2897,16 @@ module Net
if @str.index(/\(([^)]*)\)/ni, @pos)
@pos = $~.end(0)
return $1.scan(FLAG_REGEXP).collect { |flag, atom|
- atom || flag.capitalize.intern
+ if atom
+ atom
+ else
+ symbol = flag.capitalize.untaint.intern
+ @flag_symbols[symbol] = true
+ if @flag_symbols.length > IMAP.max_flag_count
+ raise FlagCountError, "number of flag symbols exceeded"
+ end
+ symbol
+ end
}
else
parse_error("invalid flag list")
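Review bot: The limit is tested after `flag.capitalize.untaint.intern` has run, so the flag that trips `FlagCountError` is already in the symbol table, and each later response with an unseen flag adds one more before raising. Because `@flag_symbols.length` never shrinks, once the limit is crossed every flag list that contains a non-atom flag raises, including ones with only well-known flags. Looking the capitalized string up first and interning only when there is room keeps the cap strict and lets already-known flags keep parsing; the sketch below stores string => symbol in `@flag_symbols`. The enclosing method starts and ends outside the hunk.

```ruby
# … unchanged: @str.index match and $1.scan(FLAG_REGEXP).collect { |flag, atom| …
  if atom
    atom
  else
    name = flag.capitalize.untaint
    symbol = @flag_symbols[name]
    unless symbol
      # Refuse before interning so the rejected flag never reaches the symbol table.
      if @flag_symbols.length >= IMAP.max_flag_count
        raise FlagCountError, "number of flag symbols exceeded"
      end
      symbol = @flag_symbols[name] = name.intern
    end
    symbol
  end
# … unchanged: closing brace and parse_error branch …
```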
@@ -3223,6 +3251,10 @@ module Net
# out due to inactivity.
class ByeResponseError < ResponseError
end
+
+ # Error raised when too many flags are interned to symbols.
+ class FlagCountError < Error
+ end
end
end