
ruby-changes:20975

From: nahi <ko1@a...>
Date: Tue, 23 Aug 2011 11:42:32 +0900 (JST)
Subject: [ruby-changes:20975] nahi:r33023 (trunk): * ext/zlib/zlib.c (gzfile_read_header): Ensure that each section of

nahi	2011-08-23 11:36:13 +0900 (Tue, 23 Aug 2011)

  New Revision: 33023

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33023

  Log:
    * ext/zlib/zlib.c (gzfile_read_header): Ensure that each section of
      gzip header is readable to avoid SEGV.
    
    * test/zlib/test_zlib.rb (test_corrupted_header): Test it.

  Modified files:
    trunk/ChangeLog
    trunk/ext/zlib/zlib.c
    trunk/test/zlib/test_zlib.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 33022)
+++ ChangeLog	(revision 33023)
@@ -1,3 +1,10 @@
+Tue Aug 23 11:27:26 2011  Hiroshi Nakamura  <nahi@r...>
+
+	* ext/zlib/zlib.c (gzfile_read_header): Ensure that each section of
+	  gzip header is readable to avoid SEGV.
+
+	* test/zlib/test_zlib.rb (test_corrupted_header): Test it.
+
 Mon Aug 22 23:43:33 2011  CHIKANAGA Tomoyuki  <nagachika00@g...>
 
 	* sprintf.c (rb_str_format): add RB_GC_GUARD to prevent temporary
Index: ext/zlib/zlib.c
===================================================================
--- ext/zlib/zlib.c	(revision 33022)
+++ ext/zlib/zlib.c	(revision 33023)
@@ -2306,6 +2306,9 @@
 	zstream_discard_input(&gz->z, 2 + len);
     }
     if (flags & GZ_FLAG_ORIG_NAME) {
+	if (!gzfile_read_raw_ensure(gz, 1)) {
+	    rb_raise(cGzError, "unexpected end of file");
+	}
 	p = gzfile_read_raw_until_zero(gz, 0);
 	len = p - RSTRING_PTR(gz->z.input);
 	gz->orig_name = rb_str_new(RSTRING_PTR(gz->z.input), len);
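Review bot: The new `gzfile_read_raw_ensure(gz, 1)` guard ahead of `gzfile_read_raw_until_zero(gz, 0)` carries no comment saying what it protects against, and the same holds for the identical guard in the GZ_FLAG_COMMENT branch of the next hunk. I would add above each one `/* need at least one byte buffered before scanning for the NUL terminator; truncated input raises instead of crashing */`. The guard only guarantees a single byte, so a name or comment that never reaches its terminating NUL is presumably rejected inside `gzfile_read_raw_until_zero`, which is not visible here and should be confirmed. As the three lines are repeated verbatim, a small static helper would keep the two branches from drifting apart. The body of gzfile_read_header starts and ends outside both hunks.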
@@ -2313,6 +2316,9 @@
 	zstream_discard_input(&gz->z, len + 1);
     }
     if (flags & GZ_FLAG_COMMENT) {
+	if (!gzfile_read_raw_ensure(gz, 1)) {
+	    rb_raise(cGzError, "unexpected end of file");
+	}
 	p = gzfile_read_raw_until_zero(gz, 0);
 	len = p - RSTRING_PTR(gz->z.input);
 	gz->comment = rb_str_new(RSTRING_PTR(gz->z.input), len);
Index: test/zlib/test_zlib.rb
===================================================================
--- test/zlib/test_zlib.rb	(revision 33022)
+++ test/zlib/test_zlib.rb	(revision 33023)
@@ -694,6 +694,20 @@
       assert_equal("foo", Zlib::GzipReader.wrap(f) {|gz| gz.read })
       assert_raise(IOError) { f.close }
     end
+
+    def test_corrupted_header
+      gz = Zlib::GzipWriter.new(StringIO.new(s = ""))
+      gz.orig_name = "X"
+      gz.comment = "Y"
+      gz.print("foo")
+      gz.finish
+      # 14: magic(2) + method(1) + flag(1) + mtime(4) + exflag(1) + os(1) + orig_name(2) + comment(2)
+      1.upto(14) do |idx|
+        assert_raise(Zlib::GzipFile::Error, idx) do
+          Zlib::GzipReader.new(StringIO.new(s[0, idx])).read
+        end
+      end
+    end
   end
 
   class TestZlibGzipWriter < Test::Unit::TestCase
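Review bot: test_corrupted_header only truncates a header that GzipWriter produced with orig_name and comment set, so the other optional header sections are not exercised even though the log says each section is checked. The context line `zstream_discard_input(&gz->z, 2 + len)` in the zlib.c hunk suggests a length-prefixed section (likely the gzip extra field) is parsed before the name, and nothing in this test reaches it. A second case that feeds a hand-built header with that flag set and the data cut short, again asserting `Zlib::GzipFile::Error`, would pin that path as well. The existing comment could also say that the last iteration is a different condition from the rest, e.g. `# idx == 14: header complete, deflate body missing`.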

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
