
ruby-changes:43867

From: usa <ko1@a...>
Date: Tue, 16 Aug 2016 21:01:08 +0900 (JST)
Subject: [ruby-changes:43867] usa:r55940 (ruby_2_2): merge revision(s) 55410: [Backport #12488]

usa	2016-08-16 21:01:03 +0900 (Tue, 16 Aug 2016)

  New Revision: 55940

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55940

  Log:
    merge revision(s) 55410: [Backport #12488]
    
    * ext/date/date_strftime.c (date_strftime_with_tmx): reject too
      large precision to get rid of buffer overflow.
      reported by Guido Vranken <guido AT guidovranken.nl>.

  Modified directories:
    branches/ruby_2_2/
  Modified files:
    branches/ruby_2_2/ChangeLog
    branches/ruby_2_2/ext/date/date_strftime.c
    branches/ruby_2_2/test/date/test_date_strftime.rb
    branches/ruby_2_2/version.h
Index: ruby_2_2/ChangeLog
===================================================================
--- ruby_2_2/ChangeLog	(revision 55939)
+++ ruby_2_2/ChangeLog	(revision 55940)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ChangeLog#L1
+Tue Aug 16 20:59:35 2016  Nobuyoshi Nakada  <nobu@r...>
+
+	* ext/date/date_strftime.c (date_strftime_with_tmx): reject too
+	  large precision to get rid of buffer overflow.
+	  reported by Guido Vranken <guido AT guidovranken.nl>.
+
 Tue Aug 16 20:58:11 2016  NARUSE, Yui  <naruse@r...>
 
 	* regcomp.c (noname_disable_map): don't optimize out group 0
Index: ruby_2_2/test/date/test_date_strftime.rb
===================================================================
--- ruby_2_2/test/date/test_date_strftime.rb	(revision 55939)
+++ ruby_2_2/test/date/test_date_strftime.rb	(revision 55940)
@@ -419,4 +419,12 @@ class TestDateStrftime < Test::Unit::Tes https://github.com/ruby/ruby/blob/trunk/ruby_2_2/test/date/test_date_strftime.rb#L419
 
   end
 
+  def test_overflow
+    assert_raise(ArgumentError, Errno::ERANGE) {
+      Date.new(2000,1,1).strftime("%2147483647c")
+    }
+    assert_raise(ArgumentError, Errno::ERANGE) {
+      DateTime.new(2000,1,1).strftime("%2147483647c")
+    }
+  end
 end
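Review bot: Both assertions in test_overflow use the width 2147483647, which equals INT_MAX on common platforms, so only the `prec > maxsize` arm of the new guard in date_strftime.c is exercised, and the `prec > INT_MAX` arm that protects the `(int)` cast is never reached. A further case with a width above INT_MAX would cover it, e.g. `assert_raise(ArgumentError, Errno::ERANGE) { Date.new(2000,1,1).strftime("%2147483648c") }`. Accepting either ArgumentError or Errno::ERANGE also means the test cannot notice if the error path changes; if the intended exception is known, assert that one class only.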
Index: ruby_2_2/ext/date/date_strftime.c
===================================================================
--- ruby_2_2/ext/date/date_strftime.c	(revision 55939)
+++ ruby_2_2/ext/date/date_strftime.c	(revision 55940)
@@ -48,7 +48,7 @@ downcase(char *s, size_t i) https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ext/date/date_strftime.c#L48
 /* strftime --- produce formatted time */
 
 static size_t
-date_strftime_with_tmx(char *s, size_t maxsize, const char *format,
+date_strftime_with_tmx(char *s, const size_t maxsize, const char *format,
 		       const struct tmx *tmx)
 {
     char *endp = s + maxsize;
@@ -575,7 +575,12 @@ date_strftime_with_tmx(char *s, size_t m https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ext/date/date_strftime.c#L575
 	  case '5': case '6':  case '7': case '8': case '9':
 	    {
 		char *e;
-		precision = (int)strtoul(format, &e, 10);
+		unsigned long prec = strtoul(format, &e, 10);
+		if (prec > INT_MAX || prec > maxsize) {
+		    errno = ERANGE;
+		    return 0;
+		}
+		precision = (int)prec;
 		format = e - 1;
 		goto again;
 	    }
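Review bot: The new guard `if (prec > INT_MAX || prec > maxsize)` compares the parsed width with the size of the whole buffer, not with the space left at the current write position, so a width that passes here can still exceed `endp - s` once earlier directives have produced output. The code that consumes `precision` is outside this hunk and presumably does its own remaining-space check; if it does not, bound against the remainder instead: `if (prec > INT_MAX || prec > (size_t)(endp - s)) {`. Either way a short comment would record why both bounds exist: `/* > INT_MAX would truncate in the cast below; > maxsize can never fit in the caller's buffer */`. The body of date_strftime_with_tmx starts and ends outside the hunk.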
Index: ruby_2_2/version.h
===================================================================
--- ruby_2_2/version.h	(revision 55939)
+++ ruby_2_2/version.h	(revision 55940)
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/version.h#L1
 #define RUBY_VERSION "2.2.6"
 #define RUBY_RELEASE_DATE "2016-08-16"
-#define RUBY_PATCHLEVEL 366
+#define RUBY_PATCHLEVEL 367
 
 #define RUBY_RELEASE_YEAR 2016
 #define RUBY_RELEASE_MONTH 8

Property changes on: ruby_2_2
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r55410

