From f1ab0d3cab7f151b67f0f558982fe5829195db5a Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 30 Oct 2003 00:34:30 +0000
Subject: [PATCH] * process.c (rb_f_system): fixed lack of security check
 before   calling do_spawn() on win32. [ruby-talk:84555]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4861 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 5 +++++
 process.c | 1 +
 2 files changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 3118694014..df62afbc4f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Oct 30 09:32:26 2003  NAKAMURA Usaku <usa@ruby-lang.org>
+
+	* process.c (rb_f_system): fixed lack of security check before
+	  calling do_spawn() on win32. [ruby-talk:84555]
+
 Thu Oct 30 02:46:35 2003  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* eval.c (proc_invoke): single array value to normal Proc#call
diff --git a/process.c b/process.c
index 1920da2c44..ed7ae86dcd 100644
--- a/process.c
+++ b/process.c
@@ -976,6 +976,7 @@ rb_f_system(argc, argv)
 
     if (argc == 1 && prog == 0) {
 #if defined(_WIN32)
+	SafeStringValue(argv[0]);
 	status = do_spawn(P_WAIT, RSTRING(argv[0])->ptr);
 #else
 	status = proc_spawn(argv[0]);