* encoding.c (require_enc): reject only loading from untrusted

load paths.  [ruby-dev:44541] [Bug #5279]
* transcode.c (load_transcoder_entry): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,10 @@
+Sun Sep 25 16:54:33 2011  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* encoding.c (require_enc): reject only loading from untrusted
+	  load paths.  [ruby-dev:44541] [Bug #5279]
+
+	* transcode.c (load_transcoder_entry): ditto.
+
 Sun Sep 25 16:45:05 2011  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* configure.in: ignore all warnings from an arbitrary

encoding.c

@@ -543,7 +543,8 @@ rb_enc_registered(const char *name)
 static VALUE
 require_enc(VALUE enclib)
 {
-    return rb_require_safe(enclib, rb_safe_level());
+    int safe = rb_safe_level();
+    return rb_require_safe(enclib, safe > 3 ? 3 : safe);
 }
 
 static int

test/ruby/test_encoding.rb

@@ -102,6 +102,6 @@ class TestEncoding < Test::Unit::TestCase
 
   def test_unsafe
     bug5279 = '[ruby-dev:44469]'
-    assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)
+    assert_ruby_status([], '$SAFE=4; "a".encode("utf-16be")', bug5279)
   end
 end

transcode.c

@@ -370,6 +370,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
         const size_t total_len = sizeof(transcoder_lib_prefix) - 1 + len;
         const VALUE fn = rb_str_new(0, total_len);
         char *const path = RSTRING_PTR(fn);
+	const int safe = rb_safe_level();
 
         entry->lib = NULL;
 
@@ -378,7 +379,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
         rb_str_set_len(fn, total_len);
         FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
         OBJ_FREEZE(fn);
-        if (!rb_require_safe(fn, rb_safe_level()))
+        if (!rb_require_safe(fn, safe > 3 ? 3 : safe))
             return NULL;
     }