* lib/resolv.rb: untaint strings read from /etc/hosts and

/etc/resolv.conf to prevent SecurityError when $SAFE==1.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@2631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,8 @@
+Thu Jul 11 12:59:23 2002  Shugo Maeda  <shugo@ruby-lang.org>
+
+	* lib/resolv.rb: untaint strings read from /etc/hosts and
+	/etc/resolv.conf to prevent SecurityError when $SAFE==1.
+
 Tue Jul  9 20:03:55 2002 Keiju Ishitsuka <keiju@ishitsuka.com>
 
 	* irb 0.9

lib/resolv.rb

@@ -284,12 +284,15 @@ class Resolv
               line.sub!(/#.*/, '')
               addr, hostname, *aliases = line.split(/\s+/)
               next unless addr
+	      addr.untaint
+	      hostname.untaint
               @addr2name[addr] = [] unless @addr2name.include? addr
               @addr2name[addr] << hostname
               @addr2name[addr] += aliases
               @name2addr[hostname] = [] unless @name2addr.include? hostname
               @name2addr[hostname] << addr
               aliases.each {|n|
+		n.untaint
                 @name2addr[n] = [] unless @name2addr.include? n
                 @name2addr[n] << addr
               }
@@ -689,6 +692,9 @@ class Resolv
                 f.each {|line|
                   line.sub!(/[#;].*/, '')
                   keyword, *args = line.split(/\s+/)
+		  args.each { |arg|
+		    arg.untaint
+		  }
                   next unless keyword
                   case keyword
                   when 'nameserver'