ruby-changes:50790
From: usa <ko1@a...>
Date: Wed, 28 Mar 2018 19:32:38 +0900 (JST)
Subject: [ruby-changes:50790] usa:r62996 (ruby_2_3): merge revision(s) 62991:
usa 2018-03-28 19:32:32 +0900 (Wed, 28 Mar 2018) New Revision: 62996 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=62996 Log: merge revision(s) 62991: unixsocket.c: check NUL bytes * ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes. https://hackerone.com/reports/302997 Modified directories: branches/ruby_2_3/ Modified files: branches/ruby_2_3/ChangeLog branches/ruby_2_3/ext/socket/unixsocket.c branches/ruby_2_3/test/socket/test_unix.rb branches/ruby_2_3/version.h Index: ruby_2_3/version.h =================================================================== --- ruby_2_3/version.h (revision 62995) +++ ruby_2_3/version.h (revision 62996) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/version.h#L1 #define RUBY_VERSION "2.3.7" #define RUBY_RELEASE_DATE "2018-03-28" -#define RUBY_PATCHLEVEL 452 +#define RUBY_PATCHLEVEL 453 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 3 Index: ruby_2_3/ChangeLog =================================================================== --- ruby_2_3/ChangeLog (revision 62995) +++ ruby_2_3/ChangeLog (revision 62996) @@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/ChangeLog#L1 +Wed Mar 28 19:30:54 2018 Nobuyoshi Nakada <nobu@r...> + + unixsocket.c: check NUL bytes + + * ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes. + https://hackerone.com/reports/302997 + Wed Mar 28 19:29:03 2018 SHIBATA Hiroshi <hsbt@r...> Ignore file separator from tmpfile/tmpdir name. Index: ruby_2_3/ext/socket/unixsocket.c =================================================================== --- ruby_2_3/ext/socket/unixsocket.c (revision 62995) +++ ruby_2_3/ext/socket/unixsocket.c (revision 62996) @@ -33,7 +33,7 @@ rsock_init_unixsock(VALUE sock, VALUE pa https://github.com/ruby/ruby/blob/trunk/ruby_2_3/ext/socket/unixsocket.c#L33 int fd, status; rb_io_t *fptr; - SafeStringValue(path); + FilePathValue(path); INIT_SOCKADDR_UN(&sockaddr, sizeof(struct sockaddr_un)); if (sizeof(sockaddr.sun_path) < (size_t)RSTRING_LEN(path)) { Index: ruby_2_3/test/socket/test_unix.rb =================================================================== --- ruby_2_3/test/socket/test_unix.rb (revision 62995) +++ ruby_2_3/test/socket/test_unix.rb (revision 62996) @@ -285,6 +285,16 @@ class TestSocket_UNIXSocket < Test::Unit https://github.com/ruby/ruby/blob/trunk/ruby_2_3/test/socket/test_unix.rb#L285 File.unlink path if path && File.socket?(path) end + def test_open_nul_byte + tmpfile = Tempfile.new("s") + path = tmpfile.path + tmpfile.close(true) + assert_raise(ArgumentError) {UNIXServer.open(path+"\0")} + assert_raise(ArgumentError) {UNIXSocket.open(path+"\0")} + ensure + File.unlink path if path && File.socket?(path) + end + def test_addr bound_unix_socket(UNIXServer) {|serv, path| UNIXSocket.open(path) {|c| Index: ruby_2_3 =================================================================== --- ruby_2_3 (revision 62995) +++ ruby_2_3 (revision 62996) Property changes on: ruby_2_3 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r62991 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/