* load.c (rb_require_safe): raises when the path to be loaded is

tainted. [ruby-dev:37843] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@21917 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2009-01-31 10:07:49 +00:00 · 2009-01-31 10:07:49 +00:00 · fa4f685ef7
commit fa4f685ef7
parent 62e7e47bdb
2 changed files with 10 additions and 1 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Sat Jan 31 19:09:30 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* load.c (rb_require_safe): raises when the path to be loaded is
+	  tainted.  [ruby-dev:37843]
+
 Sat Jan 31 18:08:59 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* configure.in (optflags): defaulted to -O3 to get rid of slug of
--- a/load.c
+++ b/load.c
@ -554,13 +554,17 @@ rb_require_safe(VALUE fname, int safe)
 	rb_set_safe_level_force(safe);
 	FilePathValue(fname);
 	RB_GC_GUARD(fname) = rb_str_new4(fname);
+	rb_set_safe_level_force(0);
 	found = search_required(fname, &path);
 	if (found) {
 	    if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) {
 		result = Qfalse;
 	    }
 	    else {
-		rb_set_safe_level_force(0);
+		if (safe > 0 && OBJ_TAINTED(path)) {
+		    rb_raise(rb_eSecurityError, "cannot load from insecure path - %s",
+			     RSTRING_PTR(path));
+		}
 		switch (found) {
 		  case 'r':
 		    rb_load(path, 0);