
ruby-changes:31774

From: nobu <ko1@a...>
Date: Tue, 26 Nov 2013 16:30:43 +0900 (JST)
Subject: [ruby-changes:31774] nobu:r43853 (trunk): file.c: fix buffer overflow

nobu	2013-11-26 16:30:37 +0900 (Tue, 26 Nov 2013)

  New Revision: 43853

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=43853

  Log:
    file.c: fix buffer overflow
    
    * file.c (rb_readlink): fix buffer overflow on a long symlink. since
      rb_str_modify_expand() expands from its length but not its capacity,
      need to set the length properly for each expansion.
      [ruby-core:58592] [Bug #9157]

  Modified files:
    trunk/ChangeLog
    trunk/file.c
    trunk/test/ruby/test_file_exhaustive.rb
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 43852)
+++ ChangeLog	(revision 43853)
@@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Tue Nov 26 16:30:31 2013  Nobuyoshi Nakada  <nobu@r...>
+
+	* file.c (rb_readlink): fix buffer overflow on a long symlink. since
+	  rb_str_modify_expand() expands from its length but not its capacity,
+	  need to set the length properly for each expansion.
+	  [ruby-core:58592] [Bug #9157]
+
 Tue Nov 26 14:23:17 2013  Aman Gupta <ruby@t...>
 
 	* ext/objspace/objspace_dump.c (dump_append_string_value): Escape
Index: test/ruby/test_file_exhaustive.rb
===================================================================
--- test/ruby/test_file_exhaustive.rb	(revision 43852)
+++ test/ruby/test_file_exhaustive.rb	(revision 43853)
@@ -391,6 +391,24 @@ class TestFileExhaustive < Test::Unit::T https://github.com/ruby/ruby/blob/trunk/test/ruby/test_file_exhaustive.rb#L391
   rescue NotImplementedError
   end
 
+  def test_readlink_long_path
+    return unless @symlinkfile
+    bug9157 = '[ruby-core:58592] [Bug #9157]'
+    assert_separately(["-", @symlinkfile, bug9157], <<-"end;")
+      symlinkfile, bug9157 = *ARGV
+      100.step(1000, 100) do |n|
+        File.unlink(symlinkfile)
+        link = "foo"*n
+        begin
+          File.symlink(link, symlinkfile)
+        rescue Errno::ENAMETOOLONG
+          break
+        end
+        assert_equal(link, File.readlink(symlinkfile), bug9157)
+      end
+    end;
+  end
+
   def test_unlink
     assert_equal(1, File.unlink(@file))
     make_file("foo", @file)
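Review bot: In test_readlink_long_path, File.unlink(symlinkfile) runs at the top of every iteration, so when File.symlink raises Errno::ENAMETOOLONG the break leaves the fixture symlink deleted, and a normal finish leaves it pointing at a "foo"*n target. Anything after this test that relies on @symlinkfile then depends on setup recreating it; consider restoring the original link in an ensure block, or using a separate temporary link path for this test. Also, if ENAMETOOLONG is raised on the first iteration the test passes without running assert_equal once; a skip or a minimum-iteration check would make that case visible.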
Index: file.c
===================================================================
--- file.c	(revision 43852)
+++ file.c	(revision 43853)
@@ -2618,6 +2618,7 @@ rb_readlink(VALUE path) https://github.com/ruby/ruby/blob/trunk/file.c#L2618
 	) {
 	rb_str_modify_expand(v, size);
 	size *= 2;
+	rb_str_set_len(v, size);
     }
     if (rv < 0) {
 	rb_str_resize(v, 0);
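Review bot: The added rb_str_set_len(v, size) after size *= 2 carries no comment, and the reason for it (rb_str_modify_expand() grows from the string's length, not its capacity) is recorded only in the ChangeLog; a one-line comment inside the loop would keep a later cleanup from removing the call as redundant. Setting the length to the full size also means the string's length covers bytes that readlink has not written yet, and the only reset visible here is rb_str_resize(v, 0) on the rv < 0 path, so the success path below this hunk should be checked to trim the length to rv. size *= 2 has no visible upper bound; it is worth confirming that size cannot overflow its type before the loop ends.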

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
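
The length-versus-capacity problem described in the log, replayed as bookkeeping only. This is an added example, not code from the commit or from Ruby: struct buf, buf_modify_expand() and max_overrun() are hypothetical names, and the starting size of 100 and the simplified growth rule are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of a string with separate length and capacity
 * (hypothetical; not Ruby's RString). */
struct buf { char *ptr; size_t len, capa; };

/* Models the behaviour named in the log: make room for `extra` bytes
 * counted from the current length, not from the capacity. */
static void buf_modify_expand(struct buf *b, size_t extra)
{
    if (b->len + extra > b->capa) {
        char *p = realloc(b->ptr, b->len + extra);
        if (!p) abort();
        b->ptr = p;
        b->capa = b->len + extra;
    }
}

/* Replays the grow-and-retry loop for a link target of link_len bytes and
 * returns the largest number of bytes by which the size offered to
 * readlink() would exceed the real capacity (0 means never). Nothing is
 * written to the buffer; only the bookkeeping is simulated. */
size_t max_overrun(size_t link_len, int set_len_each_round)
{
    size_t size = 100, worst = 0;             /* assumed starting size */
    struct buf b = { malloc(size), size, size };
    if (!b.ptr) abort();
    for (;;) {
        if (size > b.capa && size - b.capa > worst) worst = size - b.capa;
        /* readlink() truncates silently, so rv == size means "maybe more" */
        size_t rv = link_len < size ? link_len : size;
        if (rv != size) break;
        buf_modify_expand(&b, size);
        size *= 2;
        if (set_len_each_round) b.len = size; /* the step r43853 adds */
    }
    free(b.ptr);
    return worst;
}

int main(void)
{
    printf("without set_len: %zu\n", max_overrun(3000, 0));
    printf("with set_len:    %zu\n", max_overrun(3000, 1));
    return 0;
}
```

In this model the shortfall first appears on the third pass and grows with each further doubling, which is why only long link targets exposed it.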
