archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-16 09:04:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

merge revision(s) 55410: [Backport #12488]

Browse source 
* ext/date/date_strftime.c (date_strftime_with_tmx): reject too
	  large precision to get rid of buffer overflow.
	  reported by Guido Vranken <guido AT guidovranken.nl>.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55940 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
usa 2016-08-16 12:01:03 +00:00
parent e62309856b
commit 673a8b4859
4 changed files with 22 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog
View file

@ -1,3 +1,9 @@
Tue Aug 16 20:59:35 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/date/date_strftime.c (date_strftime_with_tmx): reject too
large precision to get rid of buffer overflow.
reported by Guido Vranken <guido AT guidovranken.nl>.
Tue Aug 16 20:58:11 2016 NARUSE, Yui <naruse@ruby-lang.org>
* regcomp.c (noname_disable_map): don't optimize out group 0

9
ext/date/date_strftime.c
View file

@ -48,7 +48,7 @@ downcase(char *s, size_t i)
/* strftime --- produce formatted time */
static size_t
date_strftime_with_tmx(char *s, size_t maxsize, const char *format,
date_strftime_with_tmx(char *s, const size_t maxsize, const char *format,
const struct tmx *tmx)
{
char *endp = s + maxsize;
@ -575,7 +575,12 @@ date_strftime_with_tmx(char *s, size_t maxsize, const char *format,
case '5': case '6': case '7': case '8': case '9':
{
char *e;
precision = (int)strtoul(format, &e, 10);
unsigned long prec = strtoul(format, &e, 10);
if (prec > INT_MAX || prec > maxsize) {
errno = ERANGE;
return 0;
}
precision = (int)prec;
format = e - 1;
goto again;
}

8
test/date/test_date_strftime.rb
View file

@ -419,4 +419,12 @@ class TestDateStrftime < Test::Unit::TestCase
end
def test_overflow
assert_raise(ArgumentError, Errno::ERANGE) {
Date.new(2000,1,1).strftime("%2147483647c")
}
assert_raise(ArgumentError, Errno::ERANGE) {
DateTime.new(2000,1,1).strftime("%2147483647c")
}
end
end

2
version.h
View file

@ -1,6 +1,6 @@
#define RUBY_VERSION "2.2.6"
#define RUBY_RELEASE_DATE "2016-08-16"
#define RUBY_PATCHLEVEL 366
#define RUBY_PATCHLEVEL 367
#define RUBY_RELEASE_YEAR 2016
#define RUBY_RELEASE_MONTH 8