[前][次][番号順一覧][スレッド一覧]

ruby-changes:49130

From: usa <ko1@a...>
Date: Thu, 14 Dec 2017 22:53:53 +0900 (JST)
Subject: [ruby-changes:49130] usa:r61246 (ruby_2_2): merge revision(s) 61242: [Backport #14185]

usa	2017-12-14 22:53:48 +0900 (Thu, 14 Dec 2017)

  New Revision: 61246

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=61246

  Log:
    merge revision(s) 61242: [Backport #14185]
    
    Fix a command injection vulnerability in Net::FTP.

  Modified directories:
    branches/ruby_2_2/
  Modified files:
    branches/ruby_2_2/ChangeLog
    branches/ruby_2_2/lib/net/ftp.rb
    branches/ruby_2_2/test/net/ftp/test_ftp.rb
    branches/ruby_2_2/version.h
Index: ruby_2_2/lib/net/ftp.rb
===================================================================
--- ruby_2_2/lib/net/ftp.rb	(revision 61245)
+++ ruby_2_2/lib/net/ftp.rb	(revision 61246)
@@ -606,10 +606,10 @@ module Net https://github.com/ruby/ruby/blob/trunk/ruby_2_2/lib/net/ftp.rb#L606
       if localfile
         if @resume
           rest_offset = File.size?(localfile)
-          f = open(localfile, "a")
+          f = File.open(localfile, "a")
         else
           rest_offset = nil
-          f = open(localfile, "w")
+          f = File.open(localfile, "w")
         end
       elsif !block_given?
         result = ""
@@ -637,7 +637,7 @@ module Net https://github.com/ruby/ruby/blob/trunk/ruby_2_2/lib/net/ftp.rb#L637
     def gettextfile(remotefile, localfile = File.basename(remotefile)) # :yield: line
       result = nil
       if localfile
-        f = open(localfile, "w")
+        f = File.open(localfile, "w")
       elsif !block_given?
         result = ""
       end
@@ -683,7 +683,7 @@ module Net https://github.com/ruby/ruby/blob/trunk/ruby_2_2/lib/net/ftp.rb#L683
       else
         rest_offset = nil
       end
-      f = open(localfile)
+      f = File.open(localfile)
       begin
         f.binmode
         if rest_offset
@@ -702,7 +702,7 @@ module Net https://github.com/ruby/ruby/blob/trunk/ruby_2_2/lib/net/ftp.rb#L702
     # passing in the transmitted data one line at a time.
     #
     def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line
-      f = open(localfile)
+      f = File.open(localfile)
       begin
         storlines("STOR " + remotefile, f, &block)
       ensure
Index: ruby_2_2/ChangeLog
===================================================================
--- ruby_2_2/ChangeLog	(revision 61245)
+++ ruby_2_2/ChangeLog	(revision 61246)
@@ -1,3 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ChangeLog#L1
+Thu Dec 14 22:52:11 2017  Shugo Maeda  <shugo@r...>
+
+	Fix a command injection vulnerability in Net::FTP.
+
 Thu Dec 14 22:49:08 2017  SHIBATA Hiroshi  <hsbt@r...>
 
 	Merge rubygems-2.6.14 changes.
Index: ruby_2_2/version.h
===================================================================
--- ruby_2_2/version.h	(revision 61245)
+++ ruby_2_2/version.h	(revision 61246)
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/version.h#L1
 #define RUBY_VERSION "2.2.9"
 #define RUBY_RELEASE_DATE "2017-12-14"
-#define RUBY_PATCHLEVEL 478
+#define RUBY_PATCHLEVEL 479
 
 #define RUBY_RELEASE_YEAR 2017
 #define RUBY_RELEASE_MONTH 12
Index: ruby_2_2/test/net/ftp/test_ftp.rb
===================================================================
--- ruby_2_2/test/net/ftp/test_ftp.rb	(revision 61245)
+++ ruby_2_2/test/net/ftp/test_ftp.rb	(revision 61246)
@@ -2,6 +2,7 @@ require "net/ftp" https://github.com/ruby/ruby/blob/trunk/ruby_2_2/test/net/ftp/test_ftp.rb#L2
 require "test/unit"
 require "ostruct"
 require "stringio"
+require "tmpdir"
 
 class FTPTest < Test::Unit::TestCase
   SERVER_ADDR = "127.0.0.1"
@@ -825,6 +826,227 @@ class FTPTest < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_2/test/net/ftp/test_ftp.rb#L826
     end
   end
 
+  def test_getbinaryfile_command_injection
+    skip "| is not allowed in filename on Windows" if windows?
+    [false, true].each do |resume|
+      commands = []
+      binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
+      server = create_ftp_server { |sock|
+        sock.print("220 (test_ftp).\r\n")
+        commands.push(sock.gets)
+        sock.print("331 Please specify the password.\r\n")
+        commands.push(sock.gets)
+        sock.print("230 Login successful.\r\n")
+        commands.push(sock.gets)
+        sock.print("200 Switching to Binary mode.\r\n")
+        line = sock.gets
+        commands.push(line)
+        host, port = process_port_or_eprt(sock, line)
+        commands.push(sock.gets)
+        sock.print("150 Opening BINARY mode data connection for |echo hello (#{binary_data.size} bytes)\r\n")
+        conn = TCPSocket.new(host, port)
+        binary_data.scan(/.{1,1024}/nm) do |s|
+          conn.print(s)
+        end
+        conn.shutdown(Socket::SHUT_WR)
+        conn.read
+        conn.close
+        sock.print("226 Transfer complete.\r\n")
+      }
+      begin
+        chdir_to_tmpdir do
+          begin
+            ftp = Net::FTP.new
+            ftp.resume = resume
+            ftp.read_timeout = 0.2
+            ftp.connect(SERVER_ADDR, server.port)
+            ftp.login
+            assert_match(/\AUSER /, commands.shift)
+            assert_match(/\APASS /, commands.shift)
+            assert_equal("TYPE I\r\n", commands.shift)
+            ftp.getbinaryfile("|echo hello")
+            assert_equal(binary_data, File.binread("./|echo hello"))
+            assert_match(/\A(PORT|EPRT) /, commands.shift)
+            assert_equal("RETR |echo hello\r\n", commands.shift)
+            assert_equal(nil, commands.shift)
+          ensure
+            ftp.close if ftp
+          end
+        end
+      ensure
+        server.close
+      end
+    end
+  end
+
+  def test_gettextfile_command_injection
+    skip "| is not allowed in filename on Windows" if windows?
+    commands = []
+    text_data = <<EOF.gsub(/\n/, "\r\n")
+foo
+bar
+baz
+EOF
+    server = create_ftp_server { |sock|
+      sock.print("220 (test_ftp).\r\n")
+      commands.push(sock.gets)
+      sock.print("331 Please specify the password.\r\n")
+      commands.push(sock.gets)
+      sock.print("230 Login successful.\r\n")
+      commands.push(sock.gets)
+      sock.print("200 Switching to Binary mode.\r\n")
+      commands.push(sock.gets)
+      sock.print("200 Switching to ASCII mode.\r\n")
+      line = sock.gets
+      commands.push(line)
+      host, port = process_port_or_eprt(sock, line)
+      commands.push(sock.gets)
+      sock.print("150 Opening TEXT mode data connection for |echo hello (#{text_data.size} bytes)\r\n")
+      conn = TCPSocket.new(host, port)
+      text_data.each_line do |l|
+        conn.print(l)
+      end
+      conn.shutdown(Socket::SHUT_WR)
+      conn.read
+      conn.close
+      sock.print("226 Transfer complete.\r\n")
+      commands.push(sock.gets)
+      sock.print("200 Switching to Binary mode.\r\n")
+    }
+    begin
+      chdir_to_tmpdir do
+        begin
+          ftp = Net::FTP.new
+          ftp.connect(SERVER_ADDR, server.port)
+          ftp.login
+          assert_match(/\AUSER /, commands.shift)
+          assert_match(/\APASS /, commands.shift)
+          assert_equal("TYPE I\r\n", commands.shift)
+          ftp.gettextfile("|echo hello")
+          assert_equal(text_data.gsub(/\r\n/, "\n"),
+                       File.binread("./|echo hello"))
+          assert_equal("TYPE A\r\n", commands.shift)
+          assert_match(/\A(PORT|EPRT) /, commands.shift)
+          assert_equal("RETR |echo hello\r\n", commands.shift)
+          assert_equal("TYPE I\r\n", commands.shift)
+          assert_equal(nil, commands.shift)
+        ensure
+          ftp.close if ftp
+        end
+      end
+    ensure
+      server.close
+    end
+  end
+
+  def test_putbinaryfile_command_injection
+    skip "| is not allowed in filename on Windows" if windows?
+    commands = []
+    binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
+    received_data = nil
+    server = create_ftp_server { |sock|
+      sock.print("220 (test_ftp).\r\n")
+      commands.push(sock.gets)
+      sock.print("331 Please specify the password.\r\n")
+      commands.push(sock.gets)
+      sock.print("230 Login successful.\r\n")
+      commands.push(sock.gets)
+      sock.print("200 Switching to Binary mode.\r\n")
+      line = sock.gets
+      commands.push(line)
+      host, port = process_port_or_eprt(sock, line)
+      commands.push(sock.gets)
+      sock.print("150 Opening BINARY mode data connection for |echo hello (#{binary_data.size} bytes)\r\n")
+      conn = TCPSocket.new(host, port)
+      received_data = conn.read
+      conn.close
+      sock.print("226 Transfer complete.\r\n")
+    }
+    begin
+      chdir_to_tmpdir do
+        File.binwrite("./|echo hello", binary_data)
+        begin
+          ftp = Net::FTP.new
+          ftp.read_timeout = 0.2
+          ftp.connect(SERVER_ADDR, server.port)
+          ftp.login
+          assert_match(/\AUSER /, commands.shift)
+          assert_match(/\APASS /, commands.shift)
+          assert_equal("TYPE I\r\n", commands.shift)
+          ftp.putbinaryfile("|echo hello")
+          assert_equal(binary_data, received_data)
+          assert_match(/\A(PORT|EPRT) /, commands.shift)
+          assert_equal("STOR |echo hello\r\n", commands.shift)
+          assert_equal(nil, commands.shift)
+        ensure
+          ftp.close if ftp
+        end
+      end
+    ensure
+      server.close
+    end
+  end
+
+  def test_puttextfile_command_injection
+    skip "| is not allowed in filename on Windows" if windows?
+    commands = []
+    received_data = nil
+    server = create_ftp_server { |sock|
+      sock.print("220 (test_ftp).\r\n")
+      commands.push(sock.gets)
+      sock.print("331 Please specify the password.\r\n")
+      commands.push(sock.gets)
+      sock.print("230 Login successful.\r\n")
+      commands.push(sock.gets)
+      sock.print("200 Switching to Binary mode.\r\n")
+      commands.push(sock.gets)
+      sock.print("200 Switching to ASCII mode.\r\n")
+      line = sock.gets
+      commands.push(line)
+      host, port = process_port_or_eprt(sock, line)
+      commands.push(sock.gets)
+      sock.print("150 Opening TEXT mode data connection for |echo hello\r\n")
+      conn = TCPSocket.new(host, port)
+      received_data = conn.read
+      conn.close
+      sock.print("226 Transfer complete.\r\n")
+      commands.push(sock.gets)
+      sock.print("200 Switching to Binary mode.\r\n")
+    }
+    begin
+      chdir_to_tmpdir do
+        File.open("|echo hello", "w") do |f|
+          f.puts("foo")
+          f.puts("bar")
+          f.puts("baz")
+        end
+        begin
+          ftp = Net::FTP.new
+          ftp.connect(SERVER_ADDR, server.port)
+          ftp.login
+          assert_match(/\AUSER /, commands.shift)
+          assert_match(/\APASS /, commands.shift)
+          assert_equal("TYPE I\r\n", commands.shift)
+          ftp.puttextfile("|echo hello")
+          assert_equal(<<EOF.gsub(/\n/, "\r\n"), received_data)
+foo
+bar
+baz
+EOF
+          assert_equal("TYPE A\r\n", commands.shift)
+          assert_match(/\A(PORT|EPRT) /, commands.shift)
+          assert_equal("STOR |echo hello\r\n", commands.shift)
+          assert_equal("TYPE I\r\n", commands.shift)
+          assert_equal(nil, commands.shift)
+        ensure
+          ftp.close if ftp
+        end
+      end
+    ensure
+      server.close
+    end
+  end
+
   private
 
   def create_ftp_server(sleep_time = nil)
@@ -847,4 +1069,16 @@ class FTPTest < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_2/test/net/ftp/test_ftp.rb#L1069
     end
     return server
   end
+
+  def chdir_to_tmpdir
+    Dir.mktmpdir do |dir|
+      pwd = Dir.pwd
+      Dir.chdir(dir)
+      begin
+        yield
+      ensure
+        Dir.chdir(pwd)
+      end
+    end
+  end
 end
Index: ruby_2_2
===================================================================
--- ruby_2_2	(revision 61245)
+++ ruby_2_2	(revision 61246)

Property changes on: ruby_2_2
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
   Merged /trunk:r61242

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]