Backport of the fix for CVE-2012-4464 and CVE-2012-4466 (trunk rev 37068) to the 1.8.7 branch.
Note that the ruby-1.8 branch already received a fix for CVE-2011-1005 in rev 30903,
but that fix proved to be incomplete.
Mamoru Tasaka <mtasaka@fedoraproject.org>
--- ruby-1.8.7-p358/error.c.sec 2011-02-18 21:32:35.000000000 +0900
+++ ruby-1.8.7-p358/error.c 2012-10-04 23:58:12.000000000 +0900
@@ -665,9 +665,11 @@
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
StringValue(str);
+#if 0
if (str != mesg) {
OBJ_INFECT(str, mesg);
}
+#endif
return str;
}
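Review bot: The taint propagation in this hunk is disabled with a bare `#if 0` … `#endif` and nothing in the file says why, whereas the second hunk deletes its `OBJ_TAINT(mesg)` line outright. A later cleanup of dead code could re-enable the block and bring back the in-place taint change on `str`, which is presumably what the CVE fix is meant to stop. Either delete the three lines as the other hunk does, or keep the guard and add a comment such as `/* disabled: must not alter the taint flag of an existing object here (CVE-2012-4464, CVE-2012-4466) */`. The enclosing function starts outside the hunk, so this is based on the visible lines only.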
@@ -757,7 +759,6 @@
args[2] = d;
mesg = rb_f_sprintf(3, args);
}
- if (OBJ_TAINTED(obj)) OBJ_TAINT(mesg);
return mesg;
}