
ruby-changes:36847

From: nobu <ko1@a...>
Date: Tue, 23 Dec 2014 17:59:08 +0900 (JST)
Subject: [ruby-changes:36847] nobu:r48928 (trunk): registry.rb: fix buffer overflow

nobu	2014-12-23 17:58:53 +0900 (Tue, 23 Dec 2014)

  New Revision: 48928

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=48928

  Log:
    registry.rb: fix buffer overflow
    
    * ext/win32/lib/win32/registry.rb (Win32::Registry::Error#initialize):
      should not re-use sliced string as buffer, to get rid of buffer
      overflow.  [ruby-core:65295] [Bug #10300]

  Modified files:
    trunk/ext/win32/lib/win32/registry.rb
Index: ext/win32/lib/win32/registry.rb
===================================================================
--- ext/win32/lib/win32/registry.rb	(revision 48927)
+++ ext/win32/lib/win32/registry.rb	(revision 48928)
@@ -174,11 +174,11 @@ For detail, see the MSDN[http://msdn.mic https://github.com/ruby/ruby/blob/trunk/ext/win32/lib/win32/registry.rb#L174
       FormatMessageW = Kernel32.extern "int FormatMessageW(int, void *, int, int, void *, int, void *)", :stdcall
       def initialize(code)
         @code = code
-        msg = WCHAR_NUL * 1024
+        buff = WCHAR_NUL * 1024
         lang = 0
         begin
-          len = FormatMessageW.call(0x1200, 0, code, lang, msg, 1024, 0)
-          msg = msg.byteslice(0, len * WCHAR_SIZE)
+          len = FormatMessageW.call(0x1200, 0, code, lang, buff, 1024, 0)
+          msg = buff.byteslice(0, len * WCHAR_SIZE)
           msg.delete!(WCHAR_CR)
           msg.chomp!
           msg.encode!(LOCALE)
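Review bot: The buffer length 1024 is still written twice, once in `buff = WCHAR_NUL * 1024` and once as the size argument to `FormatMessageW.call`. The overflow came from the buffer's real size and the size passed to the API disagreeing after `msg` was rebound to the shorter `byteslice` result. Deriving the size argument from the buffer, for example `buff.bytesize / WCHAR_SIZE`, or naming one constant for both would keep the two from drifting apart again. Separately, nothing in the visible lines checks `len` before `buff.byteslice(0, len * WCHAR_SIZE)`; if the call returns 0, `msg` becomes an empty string and the following `delete!`/`chomp!`/`encode!` run on it, so consider handling that case explicitly. A short comment on `buff` saying it must stay full-sized for every pass through the `begin` block would also document why it is kept separate from `msg`.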

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
