Diffstat (limited to 'meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch')
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch | 312 |
1 files changed, 293 insertions, 19 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch index 073d214d88..700d1bc58e 100644 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch +++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch | |||
@@ -1,19 +1,54 @@ | |||
1 | From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001 | 1 | From d86d283fcb35d1442a121b92030884523908a331 Mon Sep 17 00:00:00 2001 |
2 | From: Florian Frank <flori@ping.de> | 2 | From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> |
3 | Date: Thu, 2 Mar 2017 12:12:33 +0100 | 3 | Date: Sat, 22 Apr 2017 07:29:01 +0000 |
4 | Subject: [PATCH] Fix arbitrary heap exposure problem | 4 | Subject: [PATCH] merge revision(s) 58323,58324: |
5 | |||
6 | Merge json-2.0.4. | ||
7 | |||
8 | * https://github.com/flori/json/releases/tag/v2.0.4 | ||
9 | * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 | ||
10 | Use `assert_raise` instead of `assert_raises`. | ||
11 | |||
12 | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58445 b2dd03c8-39d4-4d8f-98ff-823fe69b080e | ||
5 | 13 | ||
6 | Upstream-Status: Backport | 14 | Upstream-Status: Backport |
7 | CVE: CVE-2017-14064 | 15 | CVE: CVE-2017-14064 |
8 | 16 | ||
9 | Signed-off-by: Rajkumar Veer<rveer@mvista.com> | 17 | Signed-off-by: Armin Kuster <akuster@mvisa.com> |
18 | |||
10 | --- | 19 | --- |
11 | ext/json/ext/generator/generator.c | 12 ++++++------ | 20 | ext/json/fbuffer/fbuffer.h | 3 --- |
12 | ext/json/ext/generator/generator.h | 1 - | 21 | ext/json/generator/generator.c | 12 +++++----- |
13 | 2 files changed, 6 insertions(+), 7 deletions(-) | 22 | ext/json/generator/generator.h | 1 - |
14 | --- a/ext/json/generator/generator.c | 23 | ext/json/json.gemspec | Bin 5473 -> 5474 bytes |
15 | +++ b/ext/json/generator/generator.c | 24 | ext/json/lib/json/version.rb | 2 +- |
16 | @@ -301,7 +301,7 @@ | 25 | ext/json/parser/parser.c | 48 +++++++++++++++++++++++---------------- |
26 | ext/json/parser/parser.rl | 14 +++++++++--- | ||
27 | test/json/json_encoding_test.rb | 2 ++ | ||
28 | test/json/json_generator_test.rb | 0 | ||
29 | version.h | 2 +- | ||
30 | 10 files changed, 49 insertions(+), 35 deletions(-) | ||
31 | mode change 100755 => 100644 test/json/json_generator_test.rb | ||
32 | |||
33 | Index: ruby-2.4.0/ext/json/fbuffer/fbuffer.h | ||
34 | =================================================================== | ||
35 | --- ruby-2.4.0.orig/ext/json/fbuffer/fbuffer.h | ||
36 | +++ ruby-2.4.0/ext/json/fbuffer/fbuffer.h | ||
37 | @@ -12,9 +12,6 @@ | ||
38 | #define RFLOAT_VALUE(val) (RFLOAT(val)->value) | ||
39 | #endif | ||
40 | |||
41 | -#ifndef RARRAY_PTR | ||
42 | -#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr | ||
43 | -#endif | ||
44 | #ifndef RARRAY_LEN | ||
45 | #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len | ||
46 | #endif | ||
47 | Index: ruby-2.4.0/ext/json/generator/generator.c | ||
48 | =================================================================== | ||
49 | --- ruby-2.4.0.orig/ext/json/generator/generator.c | ||
50 | +++ ruby-2.4.0/ext/json/generator/generator.c | ||
51 | @@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, u | ||
17 | char *result; | 52 | char *result; |
18 | if (len <= 0) return NULL; | 53 | if (len <= 0) return NULL; |
19 | result = ALLOC_N(char, len); | 54 | result = ALLOC_N(char, len); |
@@ -22,7 +57,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com> | |||
22 | return result; | 57 | return result; |
23 | } | 58 | } |
24 | 59 | ||
25 | @@ -1055,7 +1055,7 @@ | 60 | @@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE sel |
26 | } | 61 | } |
27 | } else { | 62 | } else { |
28 | if (state->indent) ruby_xfree(state->indent); | 63 | if (state->indent) ruby_xfree(state->indent); |
@@ -31,7 +66,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com> | |||
31 | state->indent_len = len; | 66 | state->indent_len = len; |
32 | } | 67 | } |
33 | return Qnil; | 68 | return Qnil; |
34 | @@ -1093,7 +1093,7 @@ | 69 | @@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self |
35 | } | 70 | } |
36 | } else { | 71 | } else { |
37 | if (state->space) ruby_xfree(state->space); | 72 | if (state->space) ruby_xfree(state->space); |
@@ -40,7 +75,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com> | |||
40 | state->space_len = len; | 75 | state->space_len = len; |
41 | } | 76 | } |
42 | return Qnil; | 77 | return Qnil; |
43 | @@ -1129,7 +1129,7 @@ | 78 | @@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VAL |
44 | } | 79 | } |
45 | } else { | 80 | } else { |
46 | if (state->space_before) ruby_xfree(state->space_before); | 81 | if (state->space_before) ruby_xfree(state->space_before); |
@@ -49,7 +84,7 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com> | |||
49 | state->space_before_len = len; | 84 | state->space_before_len = len; |
50 | } | 85 | } |
51 | return Qnil; | 86 | return Qnil; |
52 | @@ -1166,7 +1166,7 @@ | 87 | @@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE |
53 | } | 88 | } |
54 | } else { | 89 | } else { |
55 | if (state->object_nl) ruby_xfree(state->object_nl); | 90 | if (state->object_nl) ruby_xfree(state->object_nl); |
@@ -58,17 +93,19 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com> | |||
58 | state->object_nl_len = len; | 93 | state->object_nl_len = len; |
59 | } | 94 | } |
60 | return Qnil; | 95 | return Qnil; |
61 | @@ -1201,7 +1201,7 @@ | 96 | @@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE s |
62 | } | 97 | } |
63 | } else { | 98 | } else { |
64 | if (state->array_nl) ruby_xfree(state->array_nl); | 99 | if (state->array_nl) ruby_xfree(state->array_nl); |
65 | - state->array_nl = strdup(RSTRING_PTR(array_nl)); | 100 | - state->array_nl = strdup(RSTRING_PTR(array_nl)); |
66 | + state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); | 101 | + state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); |
67 | state->array_nl_len = len; | 102 | state->array_nl_len = len; |
68 | } | 103 | } |
69 | return Qnil; | 104 | return Qnil; |
70 | --- a/ext/json/generator/generator.h | 105 | Index: ruby-2.4.0/ext/json/generator/generator.h |
71 | +++ b/ext/json/generator/generator.h | 106 | =================================================================== |
107 | --- ruby-2.4.0.orig/ext/json/generator/generator.h | ||
108 | +++ ruby-2.4.0/ext/json/generator/generator.h | ||
72 | @@ -1,7 +1,6 @@ | 109 | @@ -1,7 +1,6 @@ |
73 | #ifndef _GENERATOR_H_ | 110 | #ifndef _GENERATOR_H_ |
74 | #define _GENERATOR_H_ | 111 | #define _GENERATOR_H_ |
@@ -77,3 +114,240 @@ Signed-off-by: Rajkumar Veer<rveer@mvista.com> | |||
77 | #include <math.h> | 114 | #include <math.h> |
78 | #include <ctype.h> | 115 | #include <ctype.h> |
79 | 116 | ||
117 | Index: ruby-2.4.0/ext/json/lib/json/version.rb | ||
118 | =================================================================== | ||
119 | --- ruby-2.4.0.orig/ext/json/lib/json/version.rb | ||
120 | +++ ruby-2.4.0/ext/json/lib/json/version.rb | ||
121 | @@ -1,7 +1,7 @@ | ||
122 | # frozen_string_literal: false | ||
123 | module JSON | ||
124 | # JSON version | ||
125 | - VERSION = '2.0.2' | ||
126 | + VERSION = '2.0.4' | ||
127 | VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc: | ||
128 | VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc: | ||
129 | VERSION_MINOR = VERSION_ARRAY[1] # :nodoc: | ||
130 | Index: ruby-2.4.0/ext/json/parser/parser.c | ||
131 | =================================================================== | ||
132 | --- ruby-2.4.0.orig/ext/json/parser/parser.c | ||
133 | +++ ruby-2.4.0/ext/json/parser/parser.c | ||
134 | @@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE | ||
135 | break; | ||
136 | case 'u': | ||
137 | if (pe > stringEnd - 4) { | ||
138 | - return Qnil; | ||
139 | + rb_enc_raise( | ||
140 | + EXC_ENCODING eParserError, | ||
141 | + "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p | ||
142 | + ); | ||
143 | } else { | ||
144 | UTF32 ch = unescape_unicode((unsigned char *) ++pe); | ||
145 | pe += 3; | ||
146 | if (UNI_SUR_HIGH_START == (ch & 0xFC00)) { | ||
147 | pe++; | ||
148 | - if (pe > stringEnd - 6) return Qnil; | ||
149 | + if (pe > stringEnd - 6) { | ||
150 | + rb_enc_raise( | ||
151 | + EXC_ENCODING eParserError, | ||
152 | + "%u: incomplete surrogate pair at '%s'", __LINE__, p | ||
153 | + ); | ||
154 | + } | ||
155 | if (pe[0] == '\\' && pe[1] == 'u') { | ||
156 | UTF32 sur = unescape_unicode((unsigned char *) pe + 2); | ||
157 | ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16) | ||
158 | @@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE | ||
159 | } | ||
160 | |||
161 | |||
162 | -#line 1475 "parser.c" | ||
163 | +#line 1483 "parser.c" | ||
164 | enum {JSON_string_start = 1}; | ||
165 | enum {JSON_string_first_final = 8}; | ||
166 | enum {JSON_string_error = 0}; | ||
167 | @@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0}; | ||
168 | enum {JSON_string_en_main = 1}; | ||
169 | |||
170 | |||
171 | -#line 504 "parser.rl" | ||
172 | +#line 512 "parser.rl" | ||
173 | |||
174 | |||
175 | static int | ||
176 | @@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Pars | ||
177 | |||
178 | *result = rb_str_buf_new(0); | ||
179 | |||
180 | -#line 1505 "parser.c" | ||
181 | +#line 1513 "parser.c" | ||
182 | { | ||
183 | cs = JSON_string_start; | ||
184 | } | ||
185 | |||
186 | -#line 525 "parser.rl" | ||
187 | +#line 533 "parser.rl" | ||
188 | json->memo = p; | ||
189 | |||
190 | -#line 1513 "parser.c" | ||
191 | +#line 1521 "parser.c" | ||
192 | { | ||
193 | if ( p == pe ) | ||
194 | goto _test_eof; | ||
195 | @@ -1534,7 +1542,7 @@ case 2: | ||
196 | goto st0; | ||
197 | goto st2; | ||
198 | tr2: | ||
199 | -#line 490 "parser.rl" | ||
200 | +#line 498 "parser.rl" | ||
201 | { | ||
202 | *result = json_string_unescape(*result, json->memo + 1, p); | ||
203 | if (NIL_P(*result)) { | ||
204 | @@ -1545,14 +1553,14 @@ tr2: | ||
205 | {p = (( p + 1))-1;} | ||
206 | } | ||
207 | } | ||
208 | -#line 501 "parser.rl" | ||
209 | +#line 509 "parser.rl" | ||
210 | { p--; {p++; cs = 8; goto _out;} } | ||
211 | goto st8; | ||
212 | st8: | ||
213 | if ( ++p == pe ) | ||
214 | goto _test_eof8; | ||
215 | case 8: | ||
216 | -#line 1556 "parser.c" | ||
217 | +#line 1564 "parser.c" | ||
218 | goto st0; | ||
219 | st3: | ||
220 | if ( ++p == pe ) | ||
221 | @@ -1628,7 +1636,7 @@ case 7: | ||
222 | _out: {} | ||
223 | } | ||
224 | |||
225 | -#line 527 "parser.rl" | ||
226 | +#line 535 "parser.rl" | ||
227 | |||
228 | if (json->create_additions && RTEST(match_string = json->match_string)) { | ||
229 | VALUE klass; | ||
230 | @@ -1675,7 +1683,7 @@ static VALUE convert_encoding(VALUE sour | ||
231 | } | ||
232 | FORCE_UTF8(source); | ||
233 | } else { | ||
234 | - source = rb_str_conv_enc(source, NULL, rb_utf8_encoding()); | ||
235 | + source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding()); | ||
236 | } | ||
237 | #endif | ||
238 | return source; | ||
239 | @@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc | ||
240 | } | ||
241 | |||
242 | |||
243 | -#line 1812 "parser.c" | ||
244 | +#line 1820 "parser.c" | ||
245 | enum {JSON_start = 1}; | ||
246 | enum {JSON_first_final = 10}; | ||
247 | enum {JSON_error = 0}; | ||
248 | @@ -1816,7 +1824,7 @@ enum {JSON_error = 0}; | ||
249 | enum {JSON_en_main = 1}; | ||
250 | |||
251 | |||
252 | -#line 720 "parser.rl" | ||
253 | +#line 728 "parser.rl" | ||
254 | |||
255 | |||
256 | /* | ||
257 | @@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self) | ||
258 | GET_PARSER; | ||
259 | |||
260 | |||
261 | -#line 1837 "parser.c" | ||
262 | +#line 1845 "parser.c" | ||
263 | { | ||
264 | cs = JSON_start; | ||
265 | } | ||
266 | |||
267 | -#line 736 "parser.rl" | ||
268 | +#line 744 "parser.rl" | ||
269 | p = json->source; | ||
270 | pe = p + json->len; | ||
271 | |||
272 | -#line 1846 "parser.c" | ||
273 | +#line 1854 "parser.c" | ||
274 | { | ||
275 | if ( p == pe ) | ||
276 | goto _test_eof; | ||
277 | @@ -1876,7 +1884,7 @@ st0: | ||
278 | cs = 0; | ||
279 | goto _out; | ||
280 | tr2: | ||
281 | -#line 712 "parser.rl" | ||
282 | +#line 720 "parser.rl" | ||
283 | { | ||
284 | char *np = JSON_parse_value(json, p, pe, &result, 0); | ||
285 | if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;} | ||
286 | @@ -1886,7 +1894,7 @@ st10: | ||
287 | if ( ++p == pe ) | ||
288 | goto _test_eof10; | ||
289 | case 10: | ||
290 | -#line 1890 "parser.c" | ||
291 | +#line 1898 "parser.c" | ||
292 | switch( (*p) ) { | ||
293 | case 13: goto st10; | ||
294 | case 32: goto st10; | ||
295 | @@ -1975,7 +1983,7 @@ case 9: | ||
296 | _out: {} | ||
297 | } | ||
298 | |||
299 | -#line 739 "parser.rl" | ||
300 | +#line 747 "parser.rl" | ||
301 | |||
302 | if (cs >= JSON_first_final && p == pe) { | ||
303 | return result; | ||
304 | Index: ruby-2.4.0/ext/json/parser/parser.rl | ||
305 | =================================================================== | ||
306 | --- ruby-2.4.0.orig/ext/json/parser/parser.rl | ||
307 | +++ ruby-2.4.0/ext/json/parser/parser.rl | ||
308 | @@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE | ||
309 | break; | ||
310 | case 'u': | ||
311 | if (pe > stringEnd - 4) { | ||
312 | - return Qnil; | ||
313 | + rb_enc_raise( | ||
314 | + EXC_ENCODING eParserError, | ||
315 | + "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p | ||
316 | + ); | ||
317 | } else { | ||
318 | UTF32 ch = unescape_unicode((unsigned char *) ++pe); | ||
319 | pe += 3; | ||
320 | if (UNI_SUR_HIGH_START == (ch & 0xFC00)) { | ||
321 | pe++; | ||
322 | - if (pe > stringEnd - 6) return Qnil; | ||
323 | + if (pe > stringEnd - 6) { | ||
324 | + rb_enc_raise( | ||
325 | + EXC_ENCODING eParserError, | ||
326 | + "%u: incomplete surrogate pair at '%s'", __LINE__, p | ||
327 | + ); | ||
328 | + } | ||
329 | if (pe[0] == '\\' && pe[1] == 'u') { | ||
330 | UTF32 sur = unescape_unicode((unsigned char *) pe + 2); | ||
331 | ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16) | ||
332 | @@ -570,7 +578,7 @@ static VALUE convert_encoding(VALUE sour | ||
333 | } | ||
334 | FORCE_UTF8(source); | ||
335 | } else { | ||
336 | - source = rb_str_conv_enc(source, NULL, rb_utf8_encoding()); | ||
337 | + source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding()); | ||
338 | } | ||
339 | #endif | ||
340 | return source; | ||
341 | Index: ruby-2.4.0/test/json/json_encoding_test.rb | ||
342 | =================================================================== | ||
343 | --- ruby-2.4.0.orig/test/json/json_encoding_test.rb | ||
344 | +++ ruby-2.4.0/test/json/json_encoding_test.rb | ||
345 | @@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::Tes | ||
346 | json = '["\ud840\udc01"]' | ||
347 | assert_equal json, generate(utf8, :ascii_only => true) | ||
348 | assert_equal utf8, parse(json) | ||
349 | + assert_raise(JSON::ParserError) { parse('"\u"') } | ||
350 | + assert_raise(JSON::ParserError) { parse('"\ud800"') } | ||
351 | end | ||
352 | |||
353 | def test_chars | ||
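Review bot: The diffstat embedded in the new patch header (new lines 20–31) lists `ext/json/json.gemspec`, `test/json/json_generator_test.rb` and `version.h`, but the body ends at the `json_encoding_test.rb` hunk and has no `Index:` section for any of them, so the header no longer describes what the recipe actually applies. The previous version of this file, tagged with the same CVE, touched only `generator.c` and `generator.h`, so the parser, encoding and `JSON::VERSION` hunks appear to be upstream merge content rather than part of the heap-exposure fix. A short comment under `Upstream-Status: Backport` would keep the patch auditable, for example `Full json-2.0.4 merge; the CVE-2017-14064 fix is the strdup() -> fstrndup() change in ext/json/generator/generator.c. The json.gemspec, json_generator_test.rb and version.h changes are not carried.` The added trailer `Signed-off-by: Armin Kuster <akuster@mvisa.com>` also looks like a typo for the `mvista.com` domain on the line it replaces, which is worth confirming before merge.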