$NetBSD: patch-ck,v 1.1.2.2 2006/07/31 22:43:13 salo Exp $

# fix for JVN#13947696 (part of CVE-2006-3694)

--- dir.c.orig	2005-09-14 22:40:58.000000000 +0900
+++ dir.c
@@ -325,7 +325,17 @@ dir_closed()
     rb_raise(rb_eIOError, "closed directory");
 }
 
+static void
+dir_check(dir)
+    VALUE dir;
+{
+    if (!OBJ_TAINTED(dir) && rb_safe_level() >= 4)
+	rb_raise(rb_eSecurityError, "Insecure: operation on untainted Dir");
+    rb_check_frozen(dir);
+}
+
 #define GetDIR(obj, dirp) do {\
+    dir_check(dir);\
     Data_Get_Struct(obj, struct dir_data, dirp);\
     if (dirp->dir == NULL) dir_closed();\
 } while (0)
@@ -536,6 +546,9 @@ dir_close(dir)
 {
     struct dir_data *dirp;
 
+    if (rb_safe_level() >= 4 && !OBJ_TAINTED(dir)) {
+	rb_raise(rb_eSecurityError, "Insecure: can't close");
+    }
     GetDIR(dir, dirp);
     closedir(dirp->dir);
     dirp->dir = NULL;
