ruby-changes:43837
From: nagachika <ko1@a...>
Date: Tue, 16 Aug 2016 04:47:46 +0900 (JST)
Subject: [ruby-changes:43837] nagachika:r55910 (ruby_2_3): merge revision(s) 55410: [Backport #12488]
nagachika 2016-08-16 04:47:39 +0900 (Tue, 16 Aug 2016) New Revision: 55910 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55910 Log: merge revision(s) 55410: [Backport #12488] * ext/date/date_strftime.c (date_strftime_with_tmx): reject too large precision to get rid of buffer overflow. reported by Guido Vranken <guido AT guidovranken.nl>. Modified directories: branches/ruby_2_3/ Modified files: branches/ruby_2_3/ChangeLog branches/ruby_2_3/ext/date/date_strftime.c branches/ruby_2_3/test/date/test_date_strftime.rb branches/ruby_2_3/version.h Index: ruby_2_3/ChangeLog =================================================================== --- ruby_2_3/ChangeLog (revision 55909) +++ ruby_2_3/ChangeLog (revision 55910) @@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/ChangeLog#L1 +Tue Aug 16 04:38:48 2016 Nobuyoshi Nakada <nobu@r...> + + * ext/date/date_strftime.c (date_strftime_with_tmx): reject too + large precision to get rid of buffer overflow. + reported by Guido Vranken <guido AT guidovranken.nl>. + Tue Aug 16 04:28:22 2016 Nobuyoshi Nakada <nobu@r...> * file.c (append_fspath): normalize directory name to be appended Index: ruby_2_3/test/date/test_date_strftime.rb =================================================================== --- ruby_2_3/test/date/test_date_strftime.rb (revision 55909) +++ ruby_2_3/test/date/test_date_strftime.rb (revision 55910) @@ -420,4 +420,12 @@ class TestDateStrftime < Test::Unit::Tes https://github.com/ruby/ruby/blob/trunk/ruby_2_3/test/date/test_date_strftime.rb#L420 end + def test_overflow + assert_raise(ArgumentError, Errno::ERANGE) { + Date.new(2000,1,1).strftime("%2147483647c") + } + assert_raise(ArgumentError, Errno::ERANGE) { + DateTime.new(2000,1,1).strftime("%2147483647c") + } + end end Index: ruby_2_3/ext/date/date_strftime.c =================================================================== --- ruby_2_3/ext/date/date_strftime.c (revision 55909) +++ ruby_2_3/ext/date/date_strftime.c (revision 55910) @@ -48,7 +48,7 @@ downcase(char *s, size_t i) https://github.com/ruby/ruby/blob/trunk/ruby_2_3/ext/date/date_strftime.c#L48 /* strftime --- produce formatted time */ static size_t -date_strftime_with_tmx(char *s, size_t maxsize, const char *format, +date_strftime_with_tmx(char *s, const size_t maxsize, const char *format, const struct tmx *tmx) { char *endp = s + maxsize; @@ -575,7 +575,12 @@ date_strftime_with_tmx(char *s, size_t m https://github.com/ruby/ruby/blob/trunk/ruby_2_3/ext/date/date_strftime.c#L575 case '5': case '6': case '7': case '8': case '9': { char *e; - precision = (int)strtoul(format, &e, 10); + unsigned long prec = strtoul(format, &e, 10); + if (prec > INT_MAX || prec > maxsize) { + errno = ERANGE; + return 0; + } + precision = (int)prec; format = e - 1; goto again; } Index: ruby_2_3/version.h =================================================================== --- ruby_2_3/version.h (revision 55909) +++ ruby_2_3/version.h (revision 55910) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/version.h#L1 #define RUBY_VERSION "2.3.2" #define RUBY_RELEASE_DATE "2016-08-16" -#define RUBY_PATCHLEVEL 160 +#define RUBY_PATCHLEVEL 161 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 8 Property changes on: ruby_2_3 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r55410 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/