ruby-changes:50812
From: usa <ko1@a...>
Date: Wed, 28 Mar 2018 23:38:45 +0900 (JST)
Subject: [ruby-changes:50812] usa:r63019 (ruby_2_2): merge revision(s) 62992:
usa 2018-03-28 23:38:39 +0900 (Wed, 28 Mar 2018) New Revision: 63019 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=63019 Log: merge revision(s) 62992: pack.c: fix underflow * pack.c (pack_unpack_internal): get rid of underflow. https://hackerone.com/reports/298246 Modified directories: branches/ruby_2_2/ Modified files: branches/ruby_2_2/ChangeLog branches/ruby_2_2/pack.c branches/ruby_2_2/test/ruby/test_pack.rb branches/ruby_2_2/version.h Index: ruby_2_2/ChangeLog =================================================================== --- ruby_2_2/ChangeLog (revision 63018) +++ ruby_2_2/ChangeLog (revision 63019) @@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ChangeLog#L1 +Wed Mar 28 23:37:18 2018 Nobuyoshi Nakada <nobu@r...> + + pack.c: fix underflow + + * pack.c (pack_unpack_internal): get rid of underflow. + https://hackerone.com/reports/298246 + Wed Mar 28 23:35:28 2018 Nobuyoshi Nakada <nobu@r...> unixsocket.c: check NUL bytes Index: ruby_2_2/pack.c =================================================================== --- ruby_2_2/pack.c (revision 63018) +++ ruby_2_2/pack.c (revision 63019) @@ -1203,7 +1203,7 @@ pack_unpack(VALUE str, VALUE fmt) https://github.com/ruby/ruby/blob/trunk/ruby_2_2/pack.c#L1203 else if (ISDIGIT(*p)) { errno = 0; len = STRTOUL(p, (char**)&p, 10); - if (errno) { + if (len < 0 || errno) { rb_raise(rb_eRangeError, "pack length too big"); } } Index: ruby_2_2/test/ruby/test_pack.rb =================================================================== --- ruby_2_2/test/ruby/test_pack.rb (revision 63018) +++ ruby_2_2/test/ruby/test_pack.rb (revision 63019) 
@@ -480,6 +480,9 @@ class TestPack < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_2/test/ruby/test_pack.rb#L480 assert_equal([1, 2], "\x01\x00\x00\x02".unpack("C@3C")) assert_equal([nil], "\x00".unpack("@1C")) # is it OK? assert_raise(ArgumentError) { "\x00".unpack("@2C") } + + pos = (1 << [nil].pack("p").bytesize * 8) - 100 # -100 + assert_raise(RangeError) {"0123456789".unpack("@#{pos}C10")} end def test_pack_unpack_percent Index: ruby_2_2/version.h =================================================================== --- ruby_2_2/version.h (revision 63018) +++ ruby_2_2/version.h (revision 63019) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/version.h#L1 #define RUBY_VERSION "2.2.10" #define RUBY_RELEASE_DATE "2018-03-28" -#define RUBY_PATCHLEVEL 485 +#define RUBY_PATCHLEVEL 486 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 3 Index: ruby_2_2 =================================================================== --- ruby_2_2 (revision 63018) +++ ruby_2_2 (revision 63019) Property changes on: ruby_2_2 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r62992 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
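Review bot: The ChangeLog entry names `pack_unpack_internal`, but the pack.c hunk header in this branch places the changed check in `pack_unpack(VALUE str, VALUE fmt)`. For the ruby_2_2 backport the entry should name the function that is actually modified here, so that a search of the ChangeLog by function name finds this fix.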
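Review bot: In the pack.c hunk, `if (len < 0 || errno)` catches an oversized count only after the `STRTOUL` result has already been stored in `len`, so it depends on `len` being a signed type (its declaration is outside the hunk) and on an out-of-range unsigned value converting to a negative one, which C leaves implementation-defined. Consider parsing into an unsigned temporary, comparing it against the maximum of `len`'s type, and assigning only after that check passes. A one-line comment stating that counts above that maximum previously turned into negative lengths would also explain why the extra condition exists.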
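Review bot: In the test_pack.rb hunk, the trailing comment `# -100` on the `pos = ...` line does not say that `pos` is 2 to the power of the pointer width minus 100, chosen so that the count reads back as -100 once stored in a signed variable; spell that out. The width comes from `[nil].pack("p").bytesize`, which is the pointer size and not necessarily the width of the C variable holding the count, so on a platform where the two differ the `RangeError` may come from the existing `errno` check instead of the new `len < 0` branch. Only the `@` directive with a single value is covered; a second assertion with a count just above the signed maximum would pin the boundary.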