
ruby-changes:37519

From: nagachika <ko1@a...>
Date: Sun, 15 Feb 2015 07:37:03 +0900 (JST)
Subject: [ruby-changes:37519] nagachika:r49600 (ruby_2_1): merge revision(s) r49543, r49557: [Backport #10854]

nagachika	2015-02-15 07:36:43 +0900 (Sun, 15 Feb 2015)

  New Revision: 49600

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=49600

  Log:
    merge revision(s) r49543,r49557: [Backport #10854]
    
    * ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
      get rid of GHOST vulnerability on very old platforms.
    
    * ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
      check for the canonical name.

  Modified directories:
    branches/ruby_2_1/
  Modified files:
    branches/ruby_2_1/ChangeLog
    branches/ruby_2_1/ext/socket/getaddrinfo.c
    branches/ruby_2_1/ext/socket/raddrinfo.c
    branches/ruby_2_1/version.h
Index: ruby_2_1/ChangeLog
===================================================================
--- ruby_2_1/ChangeLog	(revision 49599)
+++ ruby_2_1/ChangeLog	(revision 49600)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ChangeLog#L1
+Sun Feb 15 07:29:12 2015  Nobuyoshi Nakada  <nobu@r...>
+
+	* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
+	  get rid of GHOST vulnerability on very old platforms.
+
+	* ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
+	  check for the canonical name.
+
 Mon Feb  2 22:57:30 2015  Nobuyoshi Nakada  <nobu@r...>
 
 	* ext/etc/etc.c (etc_getlogin): set login name encoding properly.
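Review bot: The new ChangeLog entry for get_addr says "reject too long hostname" without stating the limit or giving a reference for GHOST, so a later reader cannot tell from the log what length is refused or which advisory this answers. Suggest naming the bound the code uses (names of NI_MAXHOST bytes or longer are rejected) and adding the advisory identifier alongside the backport ticket.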
Index: ruby_2_1/ext/socket/raddrinfo.c
===================================================================
--- ruby_2_1/ext/socket/raddrinfo.c	(revision 49599)
+++ ruby_2_1/ext/socket/raddrinfo.c	(revision 49600)
@@ -617,7 +617,8 @@ make_hostent_internal(struct hostent_arg https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/socket/raddrinfo.c#L617
     }
     rb_ary_push(ary, rb_str_new2(hostp));
 
-    if (addr->ai_canonname && (h = gethostbyname(addr->ai_canonname))) {
+    if (addr->ai_canonname && strlen(addr->ai_canonname) < NI_MAXHOST &&
+	(h = gethostbyname(addr->ai_canonname))) {
         names = rb_ary_new();
         if (h->h_aliases != NULL) {
             for (pch = h->h_aliases; *pch; pch++) {
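Review bot: In the rewritten condition in make_hostent_internal, an over-long ai_canonname now makes the whole `if` false, so it is handled exactly like a failed gethostbyname lookup and the caller gets no indication that the name was refused for its length. If that silent fallback is intended, a short comment above the condition saying so (and that the strlen test exists to keep over-long names away from gethostbyname) would help, since the check otherwise looks arbitrary. Two smaller points: the hunk relies on NI_MAXHOST being defined in this file on the very old platforms the log message targets, which is worth confirming because nothing in the visible lines guarantees it, and the continuation line `(h = gethostbyname(addr->ai_canonname))) {` is indented with a tab while the surrounding lines use spaces.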
Index: ruby_2_1/ext/socket/getaddrinfo.c
===================================================================
--- ruby_2_1/ext/socket/getaddrinfo.c	(revision 49599)
+++ ruby_2_1/ext/socket/getaddrinfo.c	(revision 49600)
@@ -593,6 +593,7 @@ get_addr(const char *hostname, int af, s https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/socket/getaddrinfo.c#L593
 	} else
 		hp = getipnodebyname(hostname, af, AI_ADDRCONFIG, &h_error);
 #else
+	if (strlen(hostname) >= NI_MAXHOST) ERR(EAI_NODATA);
 	hp = gethostbyname((char*)hostname);
 	h_error = h_errno;
 #endif
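Review bot: The added length check in get_addr sits only in the `#else` branch, directly before gethostbyname, so the getipnodebyname path above it still receives hostnames of any length. If that is deliberate because only gethostbyname is affected, say so in a comment on the new line; as written, `if (strlen(hostname) >= NI_MAXHOST) ERR(EAI_NODATA);` carries no explanation and is easy to drop in a later cleanup. Also consider whether EAI_NODATA is the right code here, since callers cannot distinguish a refused over-long name from a name that simply has no address data. The bound itself is consistent with the raddrinfo.c hunk (reject at `>= NI_MAXHOST`, accept at `< NI_MAXHOST`).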
Index: ruby_2_1/version.h
===================================================================
--- ruby_2_1/version.h	(revision 49599)
+++ ruby_2_1/version.h	(revision 49600)
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/version.h#L1
 #define RUBY_VERSION "2.1.5"
-#define RUBY_RELEASE_DATE "2015-02-13"
-#define RUBY_PATCHLEVEL 292
+#define RUBY_RELEASE_DATE "2015-02-15"
+#define RUBY_PATCHLEVEL 293
 
 #define RUBY_RELEASE_YEAR 2015
 #define RUBY_RELEASE_MONTH 2
-#define RUBY_RELEASE_DAY 13
+#define RUBY_RELEASE_DAY 15
 
 #include "ruby/version.h"
 

Property changes on: ruby_2_1
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r49543,49557


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
