ruby-changes:37524

From: naruse <ko1@a...>
Date: Sun, 15 Feb 2015 13:16:19 +0900 (JST)
Subject: [ruby-changes:37524] naruse:r49605 (ruby_2_2): merge revision(s) 49543: [Backport #10854]

naruse	2015-02-15 13:16:03 +0900 (Sun, 15 Feb 2015)

  New Revision: 49605

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=49605

  Log:
    merge revision(s) 49543: [Backport #10854]
    
    * ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
      get rid of GHOST vulnerability on very old platforms.
    
    * ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
      check for the canonical name.

  Modified directories:
    branches/ruby_2_2/
  Modified files:
    branches/ruby_2_2/ChangeLog
    branches/ruby_2_2/ext/socket/getaddrinfo.c
    branches/ruby_2_2/ext/socket/raddrinfo.c
    branches/ruby_2_2/version.h
Index: ruby_2_2/ChangeLog
===================================================================
--- ruby_2_2/ChangeLog	(revision 49604)
+++ ruby_2_2/ChangeLog	(revision 49605)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ChangeLog#L1
+Sun Feb 15 13:15:46 2015  Nobuyoshi Nakada  <nobu@r...>
+
+	* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
+	  get rid of GHOST vulnerability on very old platforms.
+
+	* ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
+	  check for the canonnical name.
+
 Sat Feb 14 13:27:41 2015  Nobuyoshi Nakada  <nobu@r...>
 
 	* vm_eval.c (send_internal), vm_insnhelper.c (vm_call_opt_send):
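Review bot: typo in the second added ChangeLog entry, "canonnical" should be "canonical". The entry would also be easier to search for later if it named the function being guarded, gethostbyname(), next to "GHOST", since that is the call both code hunks put the length check in front of.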
Index: ruby_2_2/ext/socket/raddrinfo.c
===================================================================
--- ruby_2_2/ext/socket/raddrinfo.c	(revision 49604)
+++ ruby_2_2/ext/socket/raddrinfo.c	(revision 49605)
@@ -617,7 +617,8 @@ make_hostent_internal(struct hostent_arg https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ext/socket/raddrinfo.c#L617
     }
     rb_ary_push(ary, rb_str_new2(hostp));
 
-    if (addr->ai_canonname && (h = gethostbyname(addr->ai_canonname))) {
+    if (addr->ai_canonname && strlen(addr->ai_canonname) < NI_MAXHOST &&
+	(h = gethostbyname(addr->ai_canonname))) {
         names = rb_ary_new();
         if (h->h_aliases != NULL) {
             for (pch = h->h_aliases; *pch; pch++) {
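Review bot: the new `strlen(addr->ai_canonname) < NI_MAXHOST` term in make_hostent_internal has no comment, and because it is chained with `&&` an over-long canonical name is handled exactly like a failed gethostbyname() lookup, silently, whereas get_addr in getaddrinfo.c reports EAI_NODATA for the same condition. Please add a one-line comment above the `if` stating that the length guard exists to keep over-long names away from gethostbyname() on old platforms, so it is not later removed as redundant, and confirm that silently skipping the alias lookup is the intended result here. Minor style point: the added continuation line is indented with a tab while the surrounding lines use spaces.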
Index: ruby_2_2/ext/socket/getaddrinfo.c
===================================================================
--- ruby_2_2/ext/socket/getaddrinfo.c	(revision 49604)
+++ ruby_2_2/ext/socket/getaddrinfo.c	(revision 49605)
@@ -593,6 +593,7 @@ get_addr(const char *hostname, int af, s https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ext/socket/getaddrinfo.c#L593
 	} else
 		hp = getipnodebyname(hostname, af, AI_ADDRCONFIG, &h_error);
 #else
+	if (strlen(hostname) >= NI_MAXHOST) ERR(EAI_NODATA);
 	hp = gethostbyname((char*)hostname);
 	h_error = h_errno;
 #endif
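Review bot: the length check in get_addr is added only in the `#else` branch, directly before `gethostbyname((char*)hostname)`; the `getipnodebyname(hostname, af, AI_ADDRCONFIG, &h_error)` path visible just above the `#else` gets no equivalent guard. If that path is known not to need it, say so in a comment next to the check; otherwise hoist the `strlen(hostname) >= NI_MAXHOST` test above the `#if` so both resolver paths reject over-long names the same way. A short comment on why EAI_NODATA is the chosen error for an over-long hostname would also help callers reading the code.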
Index: ruby_2_2/version.h
===================================================================
--- ruby_2_2/version.h	(revision 49604)
+++ ruby_2_2/version.h	(revision 49605)
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/version.h#L1
 #define RUBY_VERSION "2.2.0"
-#define RUBY_RELEASE_DATE "2015-02-14"
-#define RUBY_PATCHLEVEL 48
+#define RUBY_RELEASE_DATE "2015-02-15"
+#define RUBY_PATCHLEVEL 49
 
 #define RUBY_RELEASE_YEAR 2015
 #define RUBY_RELEASE_MONTH 2
-#define RUBY_RELEASE_DAY 14
+#define RUBY_RELEASE_DAY 15
 
 #include "ruby/version.h"
 

Property changes on: ruby_2_2
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r49543


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
