kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a

Browse source 
security error with the tainted string object.
* ext/win32ole/win32ole_event.c(ev_advise): ditto.
* test/win32ole/test_win32ole.rb(test_s_new_exc_svr_tainted,
  test_s_new_exc_host_tainted): ditto.
* test/win32ole/test_win32ole_event.rb(test_s_new_exc_tainted): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
suke 2014-08-25 11:18:17 +00:00
parent 682f3a7881
commit 108c4e4495
5 changed files with 73 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ext/win32ole/win32ole_event.c
View file

@ -897,12 +897,11 @@ ev_advise(int argc, VALUE *argv, VALUE self)
}
if(!RB_TYPE_P(itf, T_NIL)) {
pitf = StringValuePtr(itf);
if (rb_safe_level() > 0 && OBJ_TAINTED(itf)) {
rb_raise(rb_eSecurityError, "Insecure Event Creation - %s",
rb_raise(rb_eSecurityError, "insecure event creation - `%s'",
StringValuePtr(itf));
}
SafeStringValue(itf);
pitf = StringValuePtr(itf);
hr = find_iid(ole, pitf, &iid, &pTypeInfo);
}
else {