ruby-changes:37543

From: usa <ko1@a...>
Date: Tue, 17 Feb 2015 17:48:37 +0900 (JST)
Subject: [ruby-changes:37543] usa:r49624 (ruby_2_0_0): merge revision(s) 49543, 49557: [Backport #10854]

usa	2015-02-17 17:48:18 +0900 (Tue, 17 Feb 2015)

  New Revision: 49624

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=49624

  Log:
    merge revision(s) 49543,49557: [Backport #10854]
    
    * ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
      get rid of GHOST vulnerability on very old platforms.
    
    * ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
      check for the canonical name.

  Modified directories:
    branches/ruby_2_0_0/
  Modified files:
    branches/ruby_2_0_0/ChangeLog
    branches/ruby_2_0_0/ext/socket/getaddrinfo.c
    branches/ruby_2_0_0/ext/socket/raddrinfo.c
    branches/ruby_2_0_0/version.h
Index: ruby_2_0_0/ChangeLog
===================================================================
--- ruby_2_0_0/ChangeLog	(revision 49623)
+++ ruby_2_0_0/ChangeLog	(revision 49624)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ChangeLog#L1
+Tue Feb 17 17:37:14 2015  Nobuyoshi Nakada  <nobu@r...>
+
+	* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
+	  get rid of GHOST vulnerability on very old platforms.
+
+	* ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
+	  check for the canonical name.
+
 Fri Jan 30 16:49:15 2015  Nobuyoshi Nakada  <nobu@r...>
 
 	* object.c: [DOC] Revise documentation by Marcus Stollsteimer at
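Review bot: the new entry at the top names the GHOST vulnerability but carries no ticket reference, while the log message for this revision cites [Backport #10854]. Adding that tag to the entry would let someone reading only the ChangeLog find the discussion behind the length checks.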
Index: ruby_2_0_0/ext/socket/raddrinfo.c
===================================================================
--- ruby_2_0_0/ext/socket/raddrinfo.c	(revision 49623)
+++ ruby_2_0_0/ext/socket/raddrinfo.c	(revision 49624)
@@ -501,7 +501,8 @@ make_hostent_internal(struct hostent_arg https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ext/socket/raddrinfo.c#L501
     }
     rb_ary_push(ary, rb_str_new2(hostp));
 
-    if (addr->ai_canonname && (h = gethostbyname(addr->ai_canonname))) {
+    if (addr->ai_canonname && strlen(addr->ai_canonname) < NI_MAXHOST &&
+	(h = gethostbyname(addr->ai_canonname))) {
         names = rb_ary_new();
         if (h->h_aliases != NULL) {
             for (pch = h->h_aliases; *pch; pch++) {
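Review bot: the added strlen(addr->ai_canonname) < NI_MAXHOST test is folded into the existing condition with no comment, so an over-long canonical name is handled exactly like a failed gethostbyname lookup and the reason for the bound is invisible at the call site. A one-line comment saying the check keeps over-long names away from gethostbyname would help, and it is worth confirming that silently skipping the lookup is the intended behaviour here, given that get_addr in getaddrinfo.c reports EAI_NODATA for the same condition. The continuation line is also indented with a tab where the surrounding lines use spaces.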
Index: ruby_2_0_0/ext/socket/getaddrinfo.c
===================================================================
--- ruby_2_0_0/ext/socket/getaddrinfo.c	(revision 49623)
+++ ruby_2_0_0/ext/socket/getaddrinfo.c	(revision 49624)
@@ -589,6 +589,7 @@ get_addr(const char *hostname, int af, s https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ext/socket/getaddrinfo.c#L589
 	} else
 		hp = getipnodebyname(hostname, af, AI_ADDRCONFIG, &h_error);
 #else
+	if (strlen(hostname) >= NI_MAXHOST) ERR(EAI_NODATA);
 	hp = gethostbyname((char*)hostname);
 	h_error = h_errno;
 #endif
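Review bot: the added length check guards only the #else branch, so the getipnodebyname call two lines above still receives a hostname of any length. If that path is known to be unaffected, a short comment on the new line saying that the bound exists for gethostbyname specifically would stop a later reader from treating the asymmetry as an oversight. EAI_NODATA conventionally means no address is associated with the name, so consider whether that is the code callers should see when the name is rejected for its length.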
Index: ruby_2_0_0/version.h
===================================================================
--- ruby_2_0_0/version.h	(revision 49623)
+++ ruby_2_0_0/version.h	(revision 49624)
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/version.h#L1
 #define RUBY_VERSION "2.0.0"
-#define RUBY_RELEASE_DATE "2015-01-30"
-#define RUBY_PATCHLEVEL 630
+#define RUBY_RELEASE_DATE "2015-02-17"
+#define RUBY_PATCHLEVEL 631
 
 #define RUBY_RELEASE_YEAR 2015
-#define RUBY_RELEASE_MONTH 1
-#define RUBY_RELEASE_DAY 30
+#define RUBY_RELEASE_MONTH 2
+#define RUBY_RELEASE_DAY 17
 
 #include "ruby/version.h"
 

Property changes on: ruby_2_0_0
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r49543,49557


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
