
ruby-changes:4551

From: ko1@a...
Date: Tue, 15 Apr 2008 23:42:57 +0900 (JST)
Subject: [ruby-changes:4551] knu - Ruby:r16044 (ruby_1_8): * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.

knu	2008-04-15 23:42:44 +0900 (Tue, 15 Apr 2008)

  New Revision: 16044

  Modified files:
    branches/ruby_1_8/ChangeLog
    branches/ruby_1_8/ext/syck/rubyext.c

  Log:
    * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.


  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/ChangeLog?r1=16044&r2=16043&diff_format=u
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/ext/syck/rubyext.c?r1=16044&r2=16043&diff_format=u

Index: ruby_1_8/ext/syck/rubyext.c
===================================================================
--- ruby_1_8/ext/syck/rubyext.c	(revision 16043)
+++ ruby_1_8/ext/syck/rubyext.c	(revision 16044)
@@ -268,9 +268,13 @@
     {
         char padded[] = "000000";
         char *end = ptr + 1;
+        char *p = end;
         while ( isdigit( *end ) ) end++;
-        MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
-        usec = strtol(padded, NULL, 10);
+        if (end - p < sizeof(padded)) {
+            MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
+            p = padded;
+        }
+        usec = strtol(p, NULL, 10);
     }
     else
     {
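Review bot: in the new `if (end - p < sizeof(padded))` branch, the fallback for a fraction of seven or more digits leaves `p` pointing at the raw input, so `usec = strtol(p, NULL, 10)` parses every digit. A fraction of "1234567" gives usec = 1234567 rather than a value below 1000000, and a very long digit run makes strtol saturate at LONG_MAX. Consider always copying at most `sizeof(padded) - 1` digits into `padded` and dropping the rest, so that usec always comes from the six-character buffer. Two smaller points: the MEMCPY still writes its source and length as `ptr + 1` although `p` now holds that value, and `isdigit( *end )` receives a plain char, which should be cast to unsigned char so bytes above 0x7f are handled safely.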
Index: ruby_1_8/ChangeLog
===================================================================
--- ruby_1_8/ChangeLog	(revision 16043)
+++ ruby_1_8/ChangeLog	(revision 16044)
@@ -1,3 +1,7 @@
+Tue Apr 15 23:40:39 2008  Akinori MUSHA  <knu@i...>
+
+	* ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.
+
 Tue Apr 15 20:32:03 2008  Tanaka Akira  <akr@f...>
 
 	* re.c (match_inspect): backported from 1.9.
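Review bot: the added ChangeLog entry says only "Avoid buffer overflow" and does not name the trigger. Suggest stating that a fractional-seconds field longer than six digits overran the fixed `padded` buffer in rb_syck_mktime, so readers of the log can tell which inputs were affected.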

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
