ruby-changes:5796
From: shyouhei <ko1@a...>
Date: Sun, 15 Jun 2008 23:06:28 +0900 (JST)
Subject: [ruby-changes:5796] Ruby:r17303 (ruby_1_8_6): merge revision(s) 16420,16454:
shyouhei 2008-06-15 23:06:16 +0900 (Sun, 15 Jun 2008) New Revision: 17303 Modified files: branches/ruby_1_8_6/ChangeLog branches/ruby_1_8_6/defines.h branches/ruby_1_8_6/file.c branches/ruby_1_8_6/version.h Log: merge revision(s) 16420,16454: * file.c (file_expand_path): support for alternative data stream and ignored trailing garbages of NTFS. * file.c (rb_file_s_basename): ditto. * file.c (rb_file_s_extname): ditto. * lib/webrick/httpservlet/filehandler.rb: should normalize path name in path_info to prevent script disclosure vulnerability on DOSISH filesystems. (fix: CVE-2008-1891) Note: NTFS/FAT filesystem should not be published by the platforms other than Windows. Pathname interpretation (including short filename) is less than perfect. * lib/webrick/httpservlet/abstract.rb (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri): should escape the value of Location: header. * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter command line arguments. http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/ChangeLog?r1=17303&r2=17302&diff_format=u http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/version.h?r1=17303&r2=17302&diff_format=u http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/file.c?r1=17303&r2=17302&diff_format=u http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/defines.h?r1=17303&r2=17302&diff_format=u
Index: ruby_1_8_6/ChangeLog
===================================================================
--- ruby_1_8_6/ChangeLog (revision 17302)
+++ ruby_1_8_6/ChangeLog (revision 17303)
@@ -1,3 +1,28 @@
+Sun Jun 15 23:02:12 2008 GOTOU Yuuzou <gotoyuzo@n...>
+
+ * lib/webrick/httpservlet/filehandler.rb: should normalize path
+ name in path_info to prevent script disclosure vulnerability on
+ DOSISH filesystems. (fix: CVE-2008-1891)
+ Note: NTFS/FAT filesystem should not be published by the platforms
+ other than Windows. Pathname interpretation (including short
+ filename) is less than perfect.
+
+ * lib/webrick/httpservlet/abstract.rb
+ (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
+ should escape the value of Location: header.
+
+ * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
+ command line arguments.
+
+Sun Jun 15 23:02:12 2008 Nobuyoshi Nakada <nobu@r...>
+
+ * file.c (file_expand_path): support for alternative data stream
+ and ignored trailing garbages of NTFS.
+
+ * file.c (rb_file_s_basename): ditto.
+
+ * file.c (rb_file_s_extname): ditto.
+
 Sun Jun 15 22:53:20 2008 Yukihiro Matsumoto <matz@r...>
 * string.c (rb_str_cat): fixed buffer overrun reported by
Index: ruby_1_8_6/version.h
===================================================================
--- ruby_1_8_6/version.h (revision 17302)
+++ ruby_1_8_6/version.h (revision 17303)
@@ -2,7 +2,7 @@
 #define RUBY_RELEASE_DATE "2008-06-15"
 #define RUBY_VERSION_CODE 186
 #define RUBY_RELEASE_CODE 20080615
-#define RUBY_PATCHLEVEL 209
+#define RUBY_PATCHLEVEL 210
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
Index: ruby_1_8_6/defines.h
===================================================================
--- ruby_1_8_6/defines.h (revision 17302)
+++ ruby_1_8_6/defines.h (revision 17303)
@@ -251,6 +251,14 @@
 #define ENV_IGNORECASE
 #endif
+#ifndef CASEFOLD_FILESYSTEM
+# if defined DOSISH || defined __VMS
+# define CASEFOLD_FILESYSTEM 1
+# else
+# define CASEFOLD_FILESYSTEM 0
+# endif
+#endif
+
 #ifndef DLEXT_MAXLEN
 #define DLEXT_MAXLEN 4
 #endif
Index: ruby_1_8_6/file.c
===================================================================
--- ruby_1_8_6/file.c (revision 17302)
+++ ruby_1_8_6/file.c (revision 17303)
@@ -2315,6 +2315,18 @@
 #define isdirsep(x) ((x) == '/')
 #endif
+#if defined _WIN32 || defined __CYGWIN__
+#define USE_NTFS 1
+#else
+#define USE_NTFS 0
+#endif
+
+#if USE_NTFS
+#define istrailinggabage(x) ((x) == '.' || (x) == ' ')
+#else
+#define istrailinggabage(x) 0
+#endif
+
 #ifndef CharNext /* defined as CharNext[AW] on Windows. */
 # if defined(DJGPP)
 # define CharNext(p) ((p) + mblen(p, MB_CUR_MAX))
@@ -2741,23 +2753,17 @@
 if (p == skiproot(buf) - 1) p++;
 buflen = p - buf;
- RSTRING(result)->len = buflen;
+#if USE_NTFS
 *p = '\0';
-#if USE_NTFS
- if (1 &&
-#ifdef __CYGWIN__
- !(buf[0] == '/' && !buf[1]) &&
-#endif
- !strpbrk(b = buf, "*?")) {
+ if (!strpbrk(b = buf, "*?")) {
 size_t len;
 WIN32_FIND_DATA wfd;
 #ifdef __CYGWIN__
- int lnk_added = 0, is_symlink = 0;
+ int lnk_added = 0;
 struct stat st;
 char w32buf[MAXPATHLEN], sep = 0;
 p = 0;
 if (lstat(buf, &st) == 0 && S_ISLNK(st.st_mode)) {
- is_symlink = 1;
 p = strrdirsep(buf);
 if (!p) p = skipprefix(buf);
 if (p) {
@@ -2770,7 +2776,8 @@
 }
 if (p) *p = sep; else p = buf;
- if (is_symlink && b == w32buf) {
+ if (b == w32buf) {
+ strlcat(w32buf, p, sizeof(w32buf));
 len = strlen(p);
 if (len > 4 && strcasecmp(p + len - 4, ".lnk") != 0) {
 lnk_added = 1;
@@ -2798,6 +2805,8 @@
 #endif
 if (tainted) OBJ_TAINT(result);
+ RSTRING(result)->len = buflen;
+ RSTRING(result)->ptr[buflen] = '\0';
 return result;
 }
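Review bot: `CASEFOLD_FILESYSTEM` is added without a comment saying what it decides, and it is a build-time guess at a property that really belongs to the mounted volume. Because of `# if defined DOSISH || defined __VMS`, only those platforms get case folding, so a case-insensitive volume on any other platform (the log itself mentions NTFS/FAT published from non-Windows hosts) is still compared case-sensitively by the `fncomp` suffix check this commit adds in file.c. I would put a comment above the block along the lines of `/* 1 if file names are normally matched case-insensitively on this platform; a build-time default, not a per-volume test */` so callers do not read it as a guarantee.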
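Review bot: The macro name `istrailinggabage` is misspelled ("garbage"), and since this hunk is where it is introduced the spelling will spread to every call site; renaming it to `istrailinggarbage` now is cheap. The block also needs a comment saying why `.` and space are singled out, for example `/* Win32 drops trailing dots and spaces when resolving a name, so "foo.rb." and "foo.rb " refer to the same file as "foo.rb" */`. That aliasing is what lets a name get past extension-based checks, which is the script-disclosure case the log cites as CVE-2008-1891. The call sites are outside this hunk, so the rename has to be carried through there as well.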
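Review bot: The guard `if (!strpbrk(b = buf, "*?")) {` keeps only `*` and `?` away from the `WIN32_FIND_DATA` lookup, but Win32 directory enumeration also gives wildcard meaning to `<`, `>` and `"` (the DOS_STAR, DOS_QM and DOS_DOT forms), so a path containing those could still resolve to a different entry than the one named. None of the three is a legal file name character on Windows, so widening the set to `"*?<>\""` costs nothing; please confirm against the lookup call itself, which lies outside this hunk. Separately, the assignment to `b` buried in the `strpbrk` argument would read better as its own statement before the `if`.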
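Review bot: The added `strlcat(w32buf, p, sizeof(w32buf));` discards its return value, so a joined path that does not fit in `MAXPATHLEN` is silently truncated and the lookup that follows runs on a shorter, different path. The `.lnk` test on the next lines is made against `p`, while `w32buf` may no longer end in the same bytes. Test the result with `if (strlcat(w32buf, p, sizeof(w32buf)) >= sizeof(w32buf))` and skip the lookup in that case; how to bail out depends on code outside this hunk. With `is_symlink` gone, `b == w32buf` alone selects this branch, and where `b` is pointed at `w32buf` is not visible here either.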
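Review bot: `RSTRING(result)->ptr[buflen] = '\0';` writes one byte past the `buflen` bytes of content, using a `buflen` that the @@ -2741 hunk computes before the USE_NTFS block runs. That is only safe if every path through the block keeps `buflen` in step with what is actually in the buffer and leaves at least `buflen + 1` bytes allocated, and neither is visible in these hunks. If that is the invariant, state it in a comment directly above these two lines, or add an explicit capacity check before the write. The function body starts well before this hunk.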
@@ -2860,7 +2869,12 @@
 }
 if (l1 < l2) return l1;
- if (strncmp(p+l1-l2, e, l2) == 0) {
+#if CASEFOLD_FILESYSTEM
+#define fncomp strncasecmp
+#else
+#define fncomp strncmp
+#endif
+ if (fncomp(p+l1-l2, e, l2) == 0) {
 return l1-l2;
 }
 return 0;
@@ -3023,7 +3037,7 @@
 if (!p) p = name; else
- name = ++p;
+ p++;
 e = 0;
 while (*p) {
@@ -3053,7 +3067,7 @@
 break;
 p = CharNext(p);
 }
- if (!e || e == name || e+1 == p) /* no dot, or the only dot is first or end? */
+ if (!e || e+1 == p) /* no dot, or the only dot is first or end? */
 return rb_str_new(0, 0);
 extname = rb_str_new(e, p - e); /* keep the dot, too! */
 OBJ_INFECT(extname, fname);
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
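Review bot: `#define fncomp` is introduced in the middle of a function body and never undefined, so from this point to the end of file.c the name silently means `strncasecmp` or `strncmp` depending on the platform. Move the `#if CASEFOLD_FILESYSTEM` block up beside the other path macros (the `isdirsep` / `USE_NTFS` group), or follow the comparison with `#undef fncomp`. Note also that `strncasecmp` folds case byte by byte, and the suffix is matched at `p+l1-l2` with no check that this offset falls on a character boundary, so on a multibyte code page a trail byte may compare equal to an ASCII letter; that deserves at least a comment. The enclosing function begins and ends outside the hunk.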
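Review bot: With `name = ++p;` replaced by `p++;` here and `e == name` dropped from the test in the @@ -3053 hunk, nothing visible still rejects a dot that is the first character of the last path component, yet the retained comment still reads "the only dot is first or end?". Unless the loop between the two hunks (not shown) skips a leading dot, a dotfile name such as `.profile` would now be returned whole as its own extension, where the old code returned an empty string. Either keep the start-of-component check by retaining `name = ++p;` and `if (!e || e == name || e+1 == p)`, or record the component start in a separate variable and compare `e` against it. Whichever is intended, the comment should be corrected to match.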