diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-08-15 19:47:39 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-08-15 19:47:39 +0000 |
commit | 38e722f741c628bd6dbfbd74c8e191beeb460203 (patch) | |
tree | 4b1ce3612ce599e6f6ee310b1302515246e08ffd | |
parent | 12b6cd61c0740af71f12c4e1a247ee502e8e78dd (diff) |
merge revision(s) 55410: [Backport #12488]
* ext/date/date_strftime.c (date_strftime_with_tmx): reject too
large precision to get rid of buffer overflow.
reported by Guido Vranken <guido AT guidovranken.nl>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@55910 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ext/date/date_strftime.c | 9 | ||||
-rw-r--r-- | test/date/test_date_strftime.rb | 8 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 22 insertions, 3 deletions
@@ -1,3 +1,9 @@ +Tue Aug 16 04:38:48 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * ext/date/date_strftime.c (date_strftime_with_tmx): reject too + large precision to get rid of buffer overflow. + reported by Guido Vranken <guido AT guidovranken.nl>. + Tue Aug 16 04:28:22 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> * file.c (append_fspath): normalize directory name to be appended diff --git a/ext/date/date_strftime.c b/ext/date/date_strftime.c index 20931a3124..9d8167b612 100644 --- a/ext/date/date_strftime.c +++ b/ext/date/date_strftime.c @@ -48,7 +48,7 @@ downcase(char *s, size_t i) /* strftime --- produce formatted time */ static size_t -date_strftime_with_tmx(char *s, size_t maxsize, const char *format, +date_strftime_with_tmx(char *s, const size_t maxsize, const char *format, const struct tmx *tmx) { char *endp = s + maxsize; @@ -575,7 +575,12 @@ date_strftime_with_tmx(char *s, size_t maxsize, const char *format, case '5': case '6': case '7': case '8': case '9': { char *e; - precision = (int)strtoul(format, &e, 10); + unsigned long prec = strtoul(format, &e, 10); + if (prec > INT_MAX || prec > maxsize) { + errno = ERANGE; + return 0; + } + precision = (int)prec; format = e - 1; goto again; } diff --git a/test/date/test_date_strftime.rb b/test/date/test_date_strftime.rb index 7472a4323d..1c0f9b11b4 100644 --- a/test/date/test_date_strftime.rb +++ b/test/date/test_date_strftime.rb @@ -420,4 +420,12 @@ class TestDateStrftime < Test::Unit::TestCase end + def test_overflow + assert_raise(ArgumentError, Errno::ERANGE) { + Date.new(2000,1,1).strftime("%2147483647c") + } + assert_raise(ArgumentError, Errno::ERANGE) { + DateTime.new(2000,1,1).strftime("%2147483647c") + } + end end @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.2" #define RUBY_RELEASE_DATE "2016-08-16" -#define RUBY_PATCHLEVEL 160 +#define RUBY_PATCHLEVEL 161 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 8 |