merge revision(s) 62989:

dir.c: check NUL bytes

	* dir.c (GlobPathValue): should be used in rb_push_glob only.
	  other methods should use FilePathValue.
	  https://hackerone.com/reports/302338

	* dir.c (rb_push_glob): expand GlobPathValue

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@62999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

dir.c

@@ -456,15 +456,6 @@ static const rb_data_type_t dir_data_type = {
 
 static VALUE dir_close(VALUE);
 
-#define GlobPathValue(str, safe) \
-    /* can contain null bytes as separators */	\
-    (!RB_TYPE_P((str), T_STRING) ?		\
-     (void)FilePathValue(str) :			\
-     (void)(check_safe_glob((str), (safe)),		\
-      check_glob_encoding(str), (str)))
-#define check_safe_glob(str, safe) ((safe) ? rb_check_safe_obj(str) : (void)0)
-#define check_glob_encoding(str) rb_enc_check((str), rb_enc_from_encoding(rb_usascii_encoding()))
-
 static VALUE
 dir_s_alloc(VALUE klass)
 {
@@ -513,7 +504,7 @@ dir_initialize(int argc, VALUE *argv, VALUE dir)
 	}
     }
 
-    GlobPathValue(dirname, FALSE);
+    FilePathValue(dirname);
     orig = rb_str_dup_frozen(dirname);
     dirname = rb_str_encode_ospath(dirname);
     dirname = rb_str_dup_frozen(dirname);
@@ -2301,7 +2292,14 @@ rb_push_glob(VALUE str, int flags) /* '\0' is delimiter */
     long offset = 0;
     VALUE ary;
 
-    GlobPathValue(str, TRUE);
+    /* can contain null bytes as separators */
+    if (!RB_TYPE_P((str), T_STRING)) {
+	FilePathValue(str);
+    }
+    else {
+	rb_check_safe_obj(str);
+	rb_enc_check(str, rb_enc_from_encoding(rb_usascii_encoding()));
+    }
     ary = rb_ary_new();
 
     while (offset < RSTRING_LEN(str)) {
@@ -2331,7 +2329,7 @@ dir_globs(long argc, const VALUE *argv, int flags)
     for (i = 0; i < argc; ++i) {
 	int status;
 	VALUE str = argv[i];
-	GlobPathValue(str, TRUE);
+	FilePathValue(str);
 	status = push_glob(ary, str, flags);
 	if (status) GLOB_JUMP_TAG(status);
     }
@@ -2752,7 +2750,7 @@ rb_dir_s_empty_p(VALUE obj, VALUE dirname)
     const char *path;
     enum {false_on_notdir = 1};
 
-    GlobPathValue(dirname, FALSE);
+    FilePathValue(dirname);
     orig = rb_str_dup_frozen(dirname);
     dirname = rb_str_encode_ospath(dirname);
     dirname = rb_str_dup_frozen(dirname);

test/ruby/test_dir.rb

@@ -156,6 +156,9 @@ class TestDir < Test::Unit::TestCase
     open(File.join(@root, "}}a"), "wb") {}
     assert_equal(%w(}}{} }}a).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '}}{\{\},a}')))
     assert_equal(%w(}}{} }}a b c).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '{\}\}{\{\},a},b,c}')))
+    assert_raise(ArgumentError) {
+      Dir.glob([[@root, File.join(@root, "*")].join("\0")])
+    }
   end
 
   def test_glob_recursive
@@ -209,10 +212,12 @@ class TestDir < Test::Unit::TestCase
 
   def test_entries
     assert_entries(Dir.open(@root) {|dir| dir.entries})
+    assert_raise(ArgumentError) {Dir.entries(@root+"\0")}
   end
 
   def test_foreach
     assert_entries(Dir.foreach(@root).to_a)
+    assert_raise(ArgumentError) {Dir.foreach(@root+"\0").to_a}
   end
 
   def test_dir_enc
@@ -369,6 +374,7 @@ class TestDir < Test::Unit::TestCase
     end
     assert_raise(Errno::ENOENT) {Dir.empty?(@nodir)}
     assert_not_send([Dir, :empty?, File.join(@root, "b")])
+    assert_raise(ArgumentError) {Dir.empty?(@root+"\0")}
   end
 
   def test_glob_gc_for_fd

version.h

@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.4.4"
 #define RUBY_RELEASE_DATE "2018-03-28"
-#define RUBY_PATCHLEVEL 290
+#define RUBY_PATCHLEVEL 291
 
 #define RUBY_RELEASE_YEAR 2018
 #define RUBY_RELEASE_MONTH 3