[前][次][番号順一覧][スレッド一覧]

ruby-changes:35656

From: nobu <ko1@a...>
Date: Mon, 29 Sep 2014 22:55:00 +0900 (JST)
Subject: [ruby-changes:35656] nobu:r47738 (trunk): win32/file.c: fix no user exception

nobu	2014-09-29 22:54:50 +0900 (Mon, 29 Sep 2014)

  New Revision: 47738

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=47738

  Log:
    win32/file.c: fix no user exception
    
    * win32/file.c (append_wstr): set expanded length, not length of
      appended string.  fix "probable buffer overflow" bug.
      [ruby-core:65317] [Bug #10304]

  Modified files:
    trunk/ChangeLog
    trunk/win32/file.c
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 47737)
+++ ChangeLog	(revision 47738)
@@ -1,4 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
-Mon Sep 29 22:54:39 2014  Nobuyoshi Nakada  <nobu@r...>
+Mon Sep 29 22:54:51 2014  Nobuyoshi Nakada  <nobu@r...>
+
+	* win32/file.c (append_wstr): set expanded length, not length of
+	  appended string.  fix "probable buffer overflow" bug.
+	  [ruby-core:65317] [Bug #10304]
 
 	* string.c (str_make_independent_expand): drop NOFREE flag after
 	  reallocation, static buffer is not pointed anymore.
Index: win32/file.c
===================================================================
--- win32/file.c	(revision 47737)
+++ win32/file.c	(revision 47738)
@@ -272,14 +272,14 @@ replace_to_long_name(wchar_t **wfullpath https://github.com/ruby/ruby/blob/trunk/win32/file.c#L272
 }
 
 static inline size_t
-user_length_in_path(const wchar_t *wuser)
+user_length_in_path(const wchar_t *wuser, size_t len)
 {
-    const wchar_t *pos = wuser;
+    size_t i;
 
-    while (!IS_DIR_SEPARATOR_P(*pos) && *pos != '\0')
-	pos++;
+    for (i = 0; i < len && !IS_DIR_SEPARATOR_P(wuser[i]); i++)
+	;
 
-    return pos - wuser;
+    return i;
 }
 
 static VALUE
@@ -293,7 +293,7 @@ append_wstr(VALUE dst, const wchar_t *ws https://github.com/ruby/ruby/blob/trunk/win32/file.c#L293
 	rb_str_modify_expand(dst, nlen);
 	WideCharToMultiByte(cp, 0, ws, len, RSTRING_PTR(dst) + olen, nlen, NULL, NULL);
 	rb_enc_associate(dst, path_encoding);
-	rb_str_set_len(dst, nlen);
+	rb_str_set_len(dst, olen + nlen);
     }
     else {
 	const int replaceflags = ECONV_UNDEF_REPLACE|ECONV_INVALID_REPLACE;
@@ -402,7 +402,7 @@ rb_file_expand_path_internal(VALUE fname https://github.com/ruby/ruby/blob/trunk/win32/file.c#L402
     }
     else if (abs_mode == 0 && wpath_len >= 2 && wpath_pos[0] == L'~') {
 	result = rb_str_new_cstr("can't find user ");
-	result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1),
+	result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1, wpath_len - 1),
 			     cp, path_cp, path_encoding);
 
 	if (wpath)
@@ -478,7 +478,7 @@ rb_file_expand_path_internal(VALUE fname https://github.com/ruby/ruby/blob/trunk/win32/file.c#L478
 	}
 	else if (abs_mode == 0 && wdir_len >= 2 && wdir_pos[0] == L'~') {
 	    result = rb_str_new_cstr("can't find user ");
-	    result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1),
+	    result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1, wdir_len - 1),
 				 cp, path_cp, path_encoding);
 	    if (wpath)
 		free(wpath);

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]