* lib/resolv.rb: untaint strings read from /etc/hosts and

/etc/resolv.conf to prevent SecurityError when $SAFE==1. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@2631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lann · Jul 11, 2002 · da72e5a · da72e5a
1 parent daba1fc
commit da72e5a
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Jul 11 12:59:23 2002  Shugo Maeda  <[email protected]>
+
+	* lib/resolv.rb: untaint strings read from /etc/hosts and
+	/etc/resolv.conf to prevent SecurityError when $SAFE==1.
+
 Tue Jul  9 20:03:55 2002 Keiju Ishitsuka <[email protected]>
 
 	* irb 0.9

diff --git a/lib/resolv.rb b/lib/resolv.rb
@@ -284,12 +284,15 @@ def lazy_initialize
               line.sub!(/#.*/, '')
               addr, hostname, *aliases = line.split(/\s+/)
               next unless addr
+	      addr.untaint
+	      hostname.untaint
               @addr2name[addr] = [] unless @addr2name.include? addr
               @addr2name[addr] << hostname
               @addr2name[addr] += aliases
               @name2addr[hostname] = [] unless @name2addr.include? hostname
               @name2addr[hostname] << addr
               aliases.each {|n|
+		n.untaint
                 @name2addr[n] = [] unless @name2addr.include? n
                 @name2addr[n] << addr
               }
@@ -689,6 +692,9 @@ def lazy_initialize
                 f.each {|line|
                   line.sub!(/[#;].*/, '')
                   keyword, *args = line.split(/\s+/)
+		  args.each { |arg|
+		    arg.untaint
+		  }
                   next unless keyword
                   case keyword
                   when 'nameserver'