Merge commit '680d09' into baserock/ps/proto-web-systembaserock/ps/proto-web-system

author: Paul Sherwood <paul.sherwood@codethink.co.uk> 2014-04-20 09:01:04 +0000
committer: Paul Sherwood <paul.sherwood@codethink.co.uk> 2014-04-20 09:01:04 +0000
commit: 6ecf40e1fa1b2c55f63d0ccb46bce2fca73b40ad (patch)
tree: 368a0326bcf36bc7e06cbbe7a1d55b752afd86ba /ext/fiddle/function.c
parent: cb3ea602294b5038b5f7ac21d3875a2b52342956 (diff)
parent: 680d09b61ea7d850e27944311723a40c596e5d95 (diff)
download: ruby-baserock/ps/proto-web-system.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/fiddle/function.c b/ext/fiddle/function.c
index ada37a4942..52f7695eb7 100644
--- a/ext/fiddle/function.c
+++ b/ext/fiddle/function.c
@@ -101,6 +101,15 @@ function_call(int argc, VALUE argv[], VALUE self)
 
     TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif);
 
+    if (rb_safe_level() >= 1) {
+	for (i = 0; i < argc; i++) {
+	    VALUE src = argv[i];
+	    if (OBJ_TAINTED(src)) {
+		rb_raise(rb_eSecurityError, "tainted parameter not allowed");
+	    }
+	}
+    }
+
     values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *));
     generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic));
author	Paul Sherwood <paul.sherwood@codethink.co.uk>	2014-04-20 09:01:04 +0000
committer	Paul Sherwood <paul.sherwood@codethink.co.uk>	2014-04-20 09:01:04 +0000
commit	6ecf40e1fa1b2c55f63d0ccb46bce2fca73b40ad (patch)
tree	368a0326bcf36bc7e06cbbe7a1d55b752afd86ba /ext/fiddle/function.c
parent	cb3ea602294b5038b5f7ac21d3875a2b52342956 (diff)
parent	680d09b61ea7d850e27944311723a40c596e5d95 (diff)
download	ruby-baserock/ps/proto-web-system.tar.gz