1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
new file mode 100644
index 0000000000..0f2a4307cc
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
@@ -0,0 +1,41 @@
+From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Thu, 18 May 2017 17:05:27 +0900
+Subject: [PATCH] fix #55 : check too big code point value for single byte
+ value in next_state_val()
+---
+ regparse.c |    3 +++
+ 1 file changed, 3 insertions(+)
+--- end of original header
+CVE: CVE-2017-9226
+Add check for octal number bigger than 255.
+Upstream-Status: Pending
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+--- ruby-2.4.1.orig/regparse.c
+++ ruby-2.4.1/regparse.c
+@@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src,
+       if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
+        prev = p;
+        num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
+-       if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+       if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
+        if (p == prev) {  /* can't read nothing. */
+          num = 0; /* but, it's not error */
+        }
+@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
+   switch (*state) {
+   case CCS_VALUE:
+     if (*type == CCV_SB) {
+      if (*vs > 0xff)
+          return ONIGERR_INVALID_CODE_POINT_VALUE;
+
+       BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs));
+       if (IS_NOT_NULL(asc_cc))
+        BITSET_SET_BIT(asc_cc->bs, (int )(*vs));

diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch new file mode 100644 index 0000000000..0f2a4307cc --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
@@ -0,0 +1,41 @@
	1	From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001
	2	From: "K.Kosako" <kosako@sofnec.co.jp>
	3	Date: Thu, 18 May 2017 17:05:27 +0900
	4	Subject: [PATCH] fix #55 : check too big code point value for single byte
	5	value in next_state_val()
	6
	7	---
	8	regparse.c \| 3 +++
	9	1 file changed, 3 insertions(+)
	10
	11	--- end of original header
	12
	13	CVE: CVE-2017-9226
	14
	15	Add check for octal number bigger than 255.
	16
	17	Upstream-Status: Pending
	18	Signed-off-by: Joe Slater <joe.slater@windriver.com>
	19
	20
	21	--- ruby-2.4.1.orig/regparse.c
	22	+++ ruby-2.4.1/regparse.c
	23	@@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src,
	24	if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
	25	prev = p;
	26	num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
	27	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
	28	+ if (num < 0 \|\| 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
	29	if (p == prev) { /* can't read nothing. */
	30	num = 0; /* but, it's not error */
	31	}
	32	@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
	33	switch (*state) {
	34	case CCS_VALUE:
	35	if (*type == CCV_SB) {
	36	+ if (*vs > 0xff)
	37	+ return ONIGERR_INVALID_CODE_POINT_VALUE;
	38	+
	39	BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs));
	40	if (IS_NOT_NULL(asc_cc))
	41	BITSET_SET_BIT(asc_cc->bs, (int )(*vs));