ruby-changes:31774
From: nobu <ko1@a...>
Date: Tue, 26 Nov 2013 16:30:43 +0900 (JST)
Subject: [ruby-changes:31774] nobu:r43853 (trunk): file.c: fix buffer overflow
nobu 2013-11-26 16:30:37 +0900 (Tue, 26 Nov 2013) New Revision: 43853 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=43853 Log: file.c: fix buffer overflow * file.c (rb_readlink): fix buffer overflow on a long symlink. since rb_str_modify_expand() expands from its length but not its capacity, need to set the length properly for each expansion. [ruby-core:58592] [Bug #9157] Modified files: trunk/ChangeLog trunk/file.c trunk/test/ruby/test_file_exhaustive.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 43852) +++ ChangeLog (revision 43853) @@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Tue Nov 26 16:30:31 2013 Nobuyoshi Nakada <nobu@r...> + + * file.c (rb_readlink): fix buffer overflow on a long symlink. since + rb_str_modify_expand() expands from its length but not its capacity, + need to set the length properly for each expansion. + [ruby-core:58592] [Bug #9157] + Tue Nov 26 14:23:17 2013 Aman Gupta <ruby@t...> * ext/objspace/objspace_dump.c (dump_append_string_value): Escape Index: test/ruby/test_file_exhaustive.rb =================================================================== --- test/ruby/test_file_exhaustive.rb (revision 43852) +++ test/ruby/test_file_exhaustive.rb (revision 43853) 
@@ -391,6 +391,24 @@ class TestFileExhaustive < Test::Unit::T https://github.com/ruby/ruby/blob/trunk/test/ruby/test_file_exhaustive.rb#L391 rescue NotImplementedError end + def test_readlink_long_path + return unless @symlinkfile + bug9157 = '[ruby-core:58592] [Bug #9157]' + assert_separately(["-", @symlinkfile, bug9157], <<-"end;") + symlinkfile, bug9157 = *ARGV + 100.step(1000, 100) do |n| + File.unlink(symlinkfile) + link = "foo"*n + begin + File.symlink(link, symlinkfile) + rescue Errno::ENAMETOOLONG + break + end + assert_equal(link, File.readlink(symlinkfile), bug9157) + end + end; + end + def test_unlink assert_equal(1, File.unlink(@file)) make_file("foo", @file) Index: file.c =================================================================== --- file.c (revision 43852) +++ file.c (revision 43853) @@ -2618,6 +2618,7 @@ rb_readlink(VALUE path) https://github.com/ruby/ruby/blob/trunk/file.c#L2618 ) { rb_str_modify_expand(v, size); size *= 2; + rb_str_set_len(v, size); } if (rv < 0) { rb_str_resize(v, 0); -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
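Review bot: in the test_file_exhaustive.rb hunk, the `rescue Errno::ENAMETOOLONG` followed by `break` inside test_readlink_long_path can end the loop before any `assert_equal` has run, so on a filesystem that rejects the first target ("foo"*100, 300 bytes) the test passes without calling File.readlink on a long link at all. Consider counting the iterations that reached the assertion and skipping or flagging the test when that count is zero. The loop also starts each pass with `File.unlink(symlinkfile)`, so after the ENAMETOOLONG break the symlink no longer exists; it is worth checking that the teardown does not depend on it.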
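Review bot: in the file.c hunk for rb_readlink, the added `rb_str_set_len(v, size);` has no comment explaining that the length is set only so that the next `rb_str_modify_expand(v, size)` grows from the full buffer size rather than from the old length; that reasoning is in the log message but not in the code, and a later cleanup could remove the call as redundant. After this call the string's length also covers bytes that readlink() has not written yet. The visible error path resets it with `rb_str_resize(v, 0)`, and the success path below the hunk should be confirmed to trim the string to `rv` in the same way.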