From 37b2487c7097aa72775f0f3f17f058cfc820dabd Mon Sep 17 00:00:00 2001 From: matz Date: Tue, 29 Jul 2003 07:52:55 +0000 Subject: [PATCH] * lib/net/smtp.rb (Net::SMTP::send0): add taint check. * ruby.h (LLONG_MIN): wrong value. * io.c (rb_f_getc): $stdin may not be IO. [ruby-dev:20973] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4206 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 13 +++++++++++++ ext/bigdecimal/bigdecimal.c | 3 +-- intern.h | 1 + io.c | 7 +++++-- lib/complex.rb | 10 +++++----- lib/net/smtp.rb | 4 ++++ ruby.h | 2 +- 7 files changed, 30 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7329856f6f..7093d303c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,20 @@ +Tue Jul 29 16:38:44 2003 Yukihiro Matsumoto + + * lib/net/smtp.rb (Net::SMTP::send0): add taint check. + Tue Jul 29 15:41:02 2003 WATANABE Hirofumi * instruby.rb (install): preserve the timestamp for Mac OS X ranlib problem. +Tue Jul 29 01:14:51 2003 Rick Ohnemus + + * ruby.h (LLONG_MIN): wrong value. + +Mon Jul 28 22:57:52 2003 Yukihiro Matsumoto + + * io.c (rb_f_getc): $stdin may not be IO. [ruby-dev:20973] + Tue Jul 29 12:22:28 2003 why the lucky stiff * ext/syck/token.c: prefixed many constants and definitions @@ -43,6 +55,7 @@ Mon Jul 28 18:53:03 2003 WATANABE Hirofumi * ext/openssl/extconf.rb: check again after pkg-config for MinGW on Cygwin. +>>>>>>> 1.1963 Mon Jul 28 15:32:04 2003 Yukihiro Matsumoto * ext/stringio/stringio.c (strio_gets): only "gets" should set $_. diff --git a/ext/bigdecimal/bigdecimal.c b/ext/bigdecimal/bigdecimal.c index 542f9ab520..d01dbc4f5d 100644 --- a/ext/bigdecimal/bigdecimal.c +++ b/ext/bigdecimal/bigdecimal.c @@ -31,6 +31,7 @@ * */ +#include "ruby.h" #include #include #include @@ -38,8 +39,6 @@ #include #include #include -#include "ruby.h" -#include "math.h" #include "version.h" /* #define ENABLE_NUMERIC_STRING */ diff --git a/intern.h b/intern.h index 7422a94b45..bd8c9725ba 100644 --- a/intern.h +++ b/intern.h 
@@ -249,6 +249,7 @@ VALUE rb_hash_delete _((VALUE,VALUE)); int rb_path_check _((char*)); int rb_env_path_tainted _((void)); /* io.c */ +#define rb_defout rb_stdout RUBY_EXTERN VALUE rb_fs; RUBY_EXTERN VALUE rb_output_fs; RUBY_EXTERN VALUE rb_rs; diff --git a/io.c b/io.c index 645208d391..5243dd7e4f 100644 --- a/io.c +++ b/io.c @@ -94,7 +94,7 @@ VALUE rb_cIO; VALUE rb_eEOFError; VALUE rb_eIOError; -VALUE rb_stdin, rb_stdout, rb_stderr; +VALUE rb_stdin, rb_stdout, rb_stderr, rb_defout; static VALUE orig_stdout, orig_stderr; VALUE rb_output_fs; @@ -3180,6 +3180,9 @@ static VALUE rb_f_getc() { rb_warn("getc is obsolete; use STDIN.getc instead"); + if (TYPE(rb_stdin) != T_FILE) { + return rb_funcall3(rb_stdin, rb_intern("getc"), 0, 0); + } return rb_io_getc(rb_stdin); } @@ -4134,7 +4137,7 @@ Init_IO() rb_stderr = prep_stdio(stderr, FMODE_WRITABLE, rb_cIO); rb_define_hooked_variable("$stderr", &rb_stderr, 0, set_output_var); rb_define_hooked_variable("$>", &rb_stdout, 0, set_output_var); - orig_stdout = rb_stdout; + rb_defout = orig_stdout = rb_stdout; orig_stderr = rb_stderr; /* variables to be removed in 1.8.1 */ diff --git a/lib/complex.rb b/lib/complex.rb index 3d761beb6b..9b5419ba61 100644 --- a/lib/complex.rb +++ b/lib/complex.rb @@ -75,14 +75,14 @@ class Complex < Numeric end def initialize(a, b) - raise "non numeric 1st arg `#{a.inspect}'" if !a.kind_of? Numeric - raise "`#{a.inspect}' for 1st arg" if a.kind_of? Complex - raise "non numeric 2nd arg `#{b.inspect}'" if !b.kind_of? Numeric - raise "`#{b.inspect}' for 2nd arg" if b.kind_of? Complex + raise TypeError, "non numeric 1st arg `#{a.inspect}'" if !a.kind_of? Numeric + raise TypeError, "`#{a.inspect}' for 1st arg" if a.kind_of? Complex + raise TypeError, "non numeric 2nd arg `#{b.inspect}'" if !b.kind_of? Numeric + raise TypeError, "`#{b.inspect}' for 2nd arg" if b.kind_of? Complex @real = a @image = b end - + # # Addition with real or complex number. # 
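Review bot: `rb_defout` is introduced twice in incompatible ways: the intern.h hunk adds `#define rb_defout rb_stdout`, while the io.c hunk at -94 adds a `rb_defout` variable and the Init_IO hunk at -4134 assigns to it. If io.c sees intern.h (it is usually pulled in through ruby.h, which is not visible here), the preprocessor turns the new declarator into a second `rb_stdout` and the assignment into `rb_stdout = orig_stdout = rb_stdout;`, so no `rb_defout` object is ever emitted. Keep one mechanism: either keep the macro and revert the two io.c lines, or drop the macro and declare `RUBY_EXTERN VALUE rb_defout;` beside the other io.c externs. If the name is meant as a compatibility alias, a short comment above it saying so would explain why both names exist.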
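Review bot: The new guard in rb_f_getc has no comment explaining why a non-T_FILE `rb_stdin` must not reach `rb_io_getc`, which is the safety-relevant part of the fix. `$stdin` can be reassigned to an arbitrary object, and the IO routine presumably treats its argument as a file structure. A one-line comment above the `if`, such as `/* $stdin may be any object; only a real T_FILE may be handed to rb_io_getc() */`, would keep the check from being removed in a later cleanup. Other functions that pass `rb_stdin` straight into IO internals are outside this hunk and would need the same guard, so they are worth checking in the same change.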
diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb index 240b41d6c7..3991eb18b8 100644 --- a/lib/net/smtp.rb +++ b/lib/net/smtp.rb @@ -490,6 +490,10 @@ module Net def send0( from_addr, to_addrs ) raise IOError, "closed session" unless @socket raise ArgumentError, 'mail destination does not given' if to_addrs.empty? + raise SecurityError, 'tainted from_addr' if from_addr.tainted? + to_addrs.each{|to| + raise SecurityError, 'tainted to_addr' if to.tainted? + } mailfrom from_addr to_addrs.each do |to| diff --git a/ruby.h b/ruby.h index 8de1a2f425..f624ed1863 100644 --- a/ruby.h +++ b/ruby.h @@ -109,7 +109,7 @@ typedef unsigned long ID; # define LLONG_MIN LONG_LONG_MIN # else # ifdef _I64_MIN -# define LLONG_MIN _I64_MAX +# define LLONG_MIN _I64_MIX # else # define LLONG_MIN (-LLONG_MAX-1) # endif
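Review bot: The taint checks added to send0 raise `SecurityError` unconditionally, because nothing in the hunk gates them on the safe level. A script running at `$SAFE == 0` that takes an address from ARGV, a file or a form would therefore fail on every send. Ruby's taint enforcement is normally tied to `$SAFE`, so consider wrapping both checks in `if $SAFE > 0 ... end`. Taint also records only where a string came from, not what it contains: an untainted address carrying CR or LF would still reach `mailfrom` and the recipient loop below, so a content check that rejects `\r` and `\n` belongs next to these lines. send0 continues past the end of the hunk.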
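Review bot: The replacement value in the `_I64_MIN` branch of ruby.h is misspelled: the new line reads `# define LLONG_MIN _I64_MIX`, an identifier that nothing on this page defines. On compilers that take this branch, a use of `LLONG_MIN` in code would presumably fail to compile, and inside an `#if` the unknown name would evaluate as 0. The enclosing `# ifdef _I64_MIN` shows the intended name, so the line should be `# define LLONG_MIN _I64_MIN`. The conditional block starts and ends outside the hunk.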