From c8d1c38a8fc4e638bade6493a0dd4758a62d85a2 Mon Sep 17 00:00:00 2001
From: matz
Date: Tue, 20 Sep 2005 16:49:26 +0000
Subject: * eval.c (rb_call0): wrong condition for $SAFE restoration.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@9254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 eval.c | 22 +++++++++++++++++-----
 version.h | 8 ++++----
 2 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/eval.c b/eval.c
index 81bce955fb..25c5f5775d 100644
--- a/eval.c
+++ b/eval.c
@@ -242,8 +242,10 @@ rb_clear_cache_by_class(klass)
 }
 }
-#define NOEX_WITH_SAFE(n) ((n) | ruby_safe_level << 4)
+#define NOEX_TAINTED 8
 #define NOEX_SAFE(n) ((n) >> 4)
+#define NOEX_WITH(n, v) ((n) | (v) << 4)
+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
 void
 rb_add_method(klass, mid, node, noex)
@@ -4468,12 +4470,16 @@ rb_call0(klass, recv, id, argc, argv, body, flags)
 }
 b2 = body = body->nd_next;
- PUSH_VARS();
- PUSH_TAG(PROT_FUNC);
 if (NOEX_SAFE(flags) > ruby_safe_level) {
+ if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
+ rb_id2name(id));
+ }
 safe = ruby_safe_level;
 ruby_safe_level = NOEX_SAFE(flags);
 }
+ PUSH_VARS();
+ PUSH_TAG(PROT_FUNC);
 if ((state = EXEC_TAG()) == 0) {
 NODE *node = 0;
 int i;
@@ -6756,11 +6762,17 @@ method_call(argc, argv, method)
 {
 VALUE result;
 struct METHOD *data;
+ int safe;
 Data_Get_Struct(method, struct METHOD, data);
+ if (OBJ_TAINTED(method)) {
+ safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
+ }
+ else {
+ safe = data->safe_level;
+ }
 PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
- result = rb_call0(data->klass,data->recv,data->id,argc,argv,data->body,
- data->safe_level);
+ result = rb_call0(data->klass,data->recv,data->id,argc,argv,data->body,safe);
 POP_ITER();
 return result;
 }
diff --git a/version.h b/version.h
index 7b3288dd72..f62bdf2d34 100644
--- a/version.h
+++ b/version.h
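Review bot: `NOEX_TAINTED` takes bit 3 of the low nibble that `NOEX_SAFE` shifts away, but it is defined here in eval.c with no comment on the bit layout, and the other NOEX_ flag values are not visible in this hunk. Because `rb_call0` skips its new SecurityError check whenever that bit is set, a collision with another flag value would silently disable the check. I would add `/* flags word: bits 0-3 = NOEX_* flags (bit 3 = NOEX_TAINTED), bits 4 and up = $SAFE level */` above the macros. The shift is also worth parenthesizing explicitly, `#define NOEX_WITH(n, v) ((n) | ((v) << 4))`, so the macro does not rely on `<<` binding tighter than `|`.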
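Review bot: The new guard `ruby_safe_level == 0 && NOEX_SAFE(flags) > 2` in `rb_call0` hard-codes two thresholds with no explanation, and it only refuses calls made at level 0; a caller at level 1 or 2 that reaches a method recorded at level 3 or higher still falls through to the level switch. If that is intended, say so in a comment, for example `/* refuse a level>2 method only when called from level 0; NOEX_TAINTED callers are exempt because method_call already forces level 4 */`. Moving `PUSH_VARS()`/`PUSH_TAG()` below the block looks right, since `rb_raise` now fires before anything is pushed. The restoration of `ruby_safe_level` from `safe` that the commit subject refers to lies outside this hunk, so it cannot be checked from here.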
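Review bot: In `method_call`, `NOEX_WITH(data->safe_level, 4)` ORs `4 << 4` into a value that already carries a level in those bits (the else branch passes `data->safe_level` straight to `rb_call0`, which reads it with `NOEX_SAFE`), so a stored level of 1, 2 or 3 yields 5, 6 or 7 rather than 4. If the intent is to run a tainted Method object at level 4, and assuming levels never exceed 4, build the value from the flag bits only, e.g. `safe = NOEX_WITH(data->safe_level & 0xf, 4) | NOEX_TAINTED;`; otherwise add a comment stating that levels above 4 are acceptable downstream. The local `safe` holds a packed flags word here, whereas `safe` in `rb_call0` holds a plain level, so `flags` would be a less confusing name.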
@@ -1,11 +1,11 @@
 #define RUBY_VERSION "1.6.8"
-#define RUBY_RELEASE_DATE "2005-09-01"
+#define RUBY_RELEASE_DATE "2005-09-21"
 #define RUBY_VERSION_CODE 168
-#define RUBY_RELEASE_CODE 20050901
+#define RUBY_RELEASE_CODE 20050921
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 6
 #define RUBY_VERSION_TEENY 8
 #define RUBY_RELEASE_YEAR 2005
-#define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 1
+#define RUBY_RELEASE_MONTH 09
+#define RUBY_RELEASE_DAY 21
-- 
cgit v1.2.1