ruby-changes:35656
From: nobu <ko1@a...>
Date: Mon, 29 Sep 2014 22:55:00 +0900 (JST)
Subject: [ruby-changes:35656] nobu:r47738 (trunk): win32/file.c: fix no user exception
nobu 2014-09-29 22:54:50 +0900 (Mon, 29 Sep 2014) New Revision: 47738 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=47738 Log: win32/file.c: fix no user exception * win32/file.c (append_wstr): set expanded length, not length of appended string. fix "probable buffer overflow" bug. [ruby-core:65317] [Bug #10304] Modified files: trunk/ChangeLog trunk/win32/file.c Index: ChangeLog =================================================================== --- ChangeLog (revision 47737) +++ ChangeLog (revision 47738) @@ -1,4 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 -Mon Sep 29 22:54:39 2014 Nobuyoshi Nakada <nobu@r...> +Mon Sep 29 22:54:51 2014 Nobuyoshi Nakada <nobu@r...> + + * win32/file.c (append_wstr): set expanded length, not length of + appended string. fix "probable buffer overflow" bug. + [ruby-core:65317] [Bug #10304] * string.c (str_make_independent_expand): drop NOFREE flag after reallocation, static buffer is not pointed anymore. Index: win32/file.c =================================================================== --- win32/file.c (revision 47737) +++ win32/file.c (revision 47738) @@ -272,14 +272,14 @@ replace_to_long_name(wchar_t **wfullpath https://github.com/ruby/ruby/blob/trunk/win32/file.c#L272 } static inline size_t -user_length_in_path(const wchar_t *wuser) +user_length_in_path(const wchar_t *wuser, size_t len) { - const wchar_t *pos = wuser; + size_t i; - while (!IS_DIR_SEPARATOR_P(*pos) && *pos != '\0') - pos++; + for (i = 0; i < len && !IS_DIR_SEPARATOR_P(wuser[i]); i++) + ; - return pos - wuser; + return i; } static VALUE @@ -293,7 +293,7 @@ append_wstr(VALUE dst, const wchar_t *ws https://github.com/ruby/ruby/blob/trunk/win32/file.c#L293 rb_str_modify_expand(dst, nlen); WideCharToMultiByte(cp, 0, ws, len, RSTRING_PTR(dst) + olen, nlen, NULL, NULL); rb_enc_associate(dst, path_encoding); - rb_str_set_len(dst, nlen); + rb_str_set_len(dst, olen + nlen); } else { const int replaceflags = ECONV_UNDEF_REPLACE|ECONV_INVALID_REPLACE; @@ -402,7 +402,7 @@ rb_file_expand_path_internal(VALUE fname https://github.com/ruby/ruby/blob/trunk/win32/file.c#L402 } else if (abs_mode == 0 && wpath_len >= 2 && wpath_pos[0] == L'~') { result = rb_str_new_cstr("can't find user "); - result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1), + result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1, wpath_len - 1), cp, path_cp, path_encoding); if (wpath) @@ -478,7 +478,7 @@ rb_file_expand_path_internal(VALUE fname https://github.com/ruby/ruby/blob/trunk/win32/file.c#L478 } else if (abs_mode == 0 && wdir_len >= 2 && wdir_pos[0] == L'~') { result = rb_str_new_cstr("can't find user "); - result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1), + result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1, wdir_len - 1), cp, path_cp, path_encoding); if (wpath) free(wpath); -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/