Symlink race condition in FileUtils.remove_entry_secure (bug 678913) bypass of $SAFE mechanism in Exception#to_s (bug 678920)
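--- a/ruby-1.8.6-p420/error.c
+++ b/ruby-1.8.6-p420/error.c
@@ -404,7 +404,6 @@
 VALUE mesg = rb_attr_get(exc, rb_intern("mesg"));
 
 if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
-if (OBJ_TAINTED(exc)) OBJ_TAINT(mesg);
 return mesg;
 }
 
@@ -668,10 +667,9 @@
 if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
 StringValue(str);
 if (str != mesg) {
-rb_iv_set(exc, "mesg", mesg = str);
+OBJ_INFECT(str, mesg);
 }
-if (OBJ_TAINTED(exc)) OBJ_TAINT(mesg);
-return mesg;
+return str;
 }
 
 /*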
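Review bot: In the second hunk `OBJ_INFECT(str, mesg);` still sets a taint flag in place, on whatever object `StringValue(str)` produced, and nothing visible guarantees that object is private to this call. The removed `OBJ_TAINT(mesg)` lines suggest that flipping taint on a string other code can reach is what the patch is meant to stop, so if the conversion can return a shared string the same class of problem would remain. I would either infect a copy, `str = rb_str_dup(str);` before the `OBJ_INFECT`, or state the assumption in a comment such as `/* str is a fresh string from the conversion; never taint a shared object here */`. Both hunks also stop propagating the exception's own taint to the returned string, which deserves a one-line comment because callers running at a raised $SAFE level may have relied on it. The declaration of `str` and both function headers are outside the hunks, so this is inferred from the visible lines only.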