author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-03-28 21:29:16 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-03-28 21:29:16 +0000 |
commit | 4634c34db318d157c1f741855dba9757cc8de1fd (patch) | |
tree | efe81ad540757487762a9ffad0f8a8be21a54bab | |
parent | 5264f6d848f74309fdef606e0c043b053bee52ef (diff) |
merge revision(s) 58200: [Backport #13376]
* hash.c (any_hash): fix Symbol#hash to be nondeterministic.
The patch was provided by Eric Wong. [ruby-core:80433] [Bug #13376]
test/ruby/test_symbol.rb: new test for nondeterminism
We need to ensure hashes for static symbols remain
non-deterministic to avoid DoS attacks. This is currently the
case since 2.4+, but was not for the 2.3 series.
* test/ruby/test_symbol.rb (test_hash_nondeterministic): new test
[ruby-core:80430] [Bug #13376]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@58203 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | hash.c | 1 | ||||
-rw-r--r-- | test/ruby/test_symbol.rb | 10 | ||||
-rw-r--r-- | version.h | 6 |
4 files changed, 21 insertions, 3 deletions
@@ -1,3 +1,10 @@
+Wed Mar 29 06:22:27 2017 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
+
+ * hash.c (any_hash): fix Symbol#hash to be nondeterministic.
+ The patch was provided by Eric Wong. [ruby-core:80433] [Bug #13376]
+
+ * test/ruby/test_symbol.rb: add test for above.
+
 Tue Mar 28 00:38:39 2017 NAKAMURA Usaku <usa@ruby-lang.org>
 * win32/win32.c (poll_child_status): rb_w32_wait_events_blocking() sets
@@ -139,6 +139,7 @@ any_hash(VALUE a, st_index_t (*other_func)(VALUE))
 if (a == Qundef) return 0;
 if (STATIC_SYM_P(a)) {
 hnum = a >> (RUBY_SPECIAL_SHIFT + ID_SCOPE_SHIFT);
+ hnum = rb_hash_start(hnum);
 goto out;
 }
 else if (FLONUM_P(a)) {
diff --git a/test/ruby/test_symbol.rb b/test/ruby/test_symbol.rb
index ce3b0d652f..34cd886141 100644
--- a/test/ruby/test_symbol.rb
+++ b/test/ruby/test_symbol.rb
@@ -411,4 +411,14 @@ class TestSymbol < Test::Unit::TestCase
 assert_equal str, str.to_sym.to_s
 assert_not_predicate(str, :frozen?, bug11721)
 end
+
+ def test_hash_nondeterministic
+ ruby = EnvUtil.rubybin
+ refute_equal `#{ruby} -e 'puts :foo.hash'`, `#{ruby} -e 'puts :foo.hash'`,
+ '[ruby-core:80430] [Bug #13376]'
+
+ sym = "dynsym_#{Random.rand(10000)}_#{Time.now}"
+ refute_equal `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'`,
+ `#{ruby} -e 'puts #{sym.inspect}.to_sym.hash'`
+ end
 end
@@ -1,10 +1,10 @@
 #define RUBY_VERSION "2.3.4"
-#define RUBY_RELEASE_DATE "2017-03-28"
-#define RUBY_PATCHLEVEL 299
+#define RUBY_RELEASE_DATE "2017-03-29"
+#define RUBY_PATCHLEVEL 300
 #define RUBY_RELEASE_YEAR 2017
 #define RUBY_RELEASE_MONTH 3
-#define RUBY_RELEASE_DAY 28
+#define RUBY_RELEASE_DAY 29
 #include "ruby/version.h" |
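Review bot: The added `hnum = rb_hash_start(hnum);` in the STATIC_SYM_P branch of any_hash has no comment explaining why a static symbol's ID bits go through the seeded start function, so a later cleanup could mistake it for redundant mixing and remove it. I would put a comment above it such as `/* static symbol IDs repeat across processes; seed them so Symbol#hash cannot be predicted (hash-flooding DoS, Bug #13376) */`. That rb_hash_start folds in a per-process seed is inferred from the commit message, since its definition is not in this hunk. any_hash begins and ends outside the hunk.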
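Review bot: Both assertions in test_hash_nondeterministic build a shell command by interpolating `EnvUtil.rubybin` into backticks, so an interpreter path containing a space or a shell metacharacter stops the child from starting. Both outputs are then empty and refute_equal fails for a reason unrelated to hashing. Passing an argument array avoids the shell, e.g. `out = IO.popen([ruby, '-e', 'puts :foo.hash'], &:read)`, and the dynamic-symbol case can pass `"puts #{sym.inspect}.to_sym.hash"` as the script argument in the same way. The second refute_equal also omits the `'[ruby-core:80430] [Bug #13376]'` message that the first one carries, which would help when only the dynamic-symbol case regresses.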