author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-08-16 12:01:03 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-08-16 12:01:03 +0000 |
commit | 673a8b4859932d926051a27bd4b45c7bd3bed2b3 (patch) | |
tree | 7f36fb0e72cff91df95a9f82dacf18516294aca2 | |
parent | e62309856b193b7f3e5208dc0f0510d02365d7fc (diff) |
merge revision(s) 55410: [Backport #12488]
* ext/date/date_strftime.c (date_strftime_with_tmx): reject too
large precision to get rid of buffer overflow.
reported by Guido Vranken <guido AT guidovranken.nl>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55940 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ext/date/date_strftime.c | 9 | ||||
-rw-r--r-- | test/date/test_date_strftime.rb | 8 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 22 insertions, 3 deletions
@@ -1,3 +1,9 @@ +Tue Aug 16 20:59:35 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * ext/date/date_strftime.c (date_strftime_with_tmx): reject too + large precision to get rid of buffer overflow. + reported by Guido Vranken <guido AT guidovranken.nl>. + Tue Aug 16 20:58:11 2016 NARUSE, Yui <naruse@ruby-lang.org> * regcomp.c (noname_disable_map): don't optimize out group 0 diff --git a/ext/date/date_strftime.c b/ext/date/date_strftime.c index 20931a3124..9d8167b612 100644 --- a/ext/date/date_strftime.c +++ b/ext/date/date_strftime.c @@ -48,7 +48,7 @@ downcase(char *s, size_t i) /* strftime --- produce formatted time */ static size_t -date_strftime_with_tmx(char *s, size_t maxsize, const char *format, +date_strftime_with_tmx(char *s, const size_t maxsize, const char *format, const struct tmx *tmx) { char *endp = s + maxsize; @@ -575,7 +575,12 @@ date_strftime_with_tmx(char *s, size_t maxsize, const char *format, case '5': case '6': case '7': case '8': case '9': { char *e; - precision = (int)strtoul(format, &e, 10); + unsigned long prec = strtoul(format, &e, 10); + if (prec > INT_MAX || prec > maxsize) { + errno = ERANGE; + return 0; + } + precision = (int)prec; format = e - 1; goto again; } diff --git a/test/date/test_date_strftime.rb b/test/date/test_date_strftime.rb index 0ed9215e1e..e5622cd3be 100644 --- a/test/date/test_date_strftime.rb +++ b/test/date/test_date_strftime.rb @@ -419,4 +419,12 @@ class TestDateStrftime < Test::Unit::TestCase end + def test_overflow + assert_raise(ArgumentError, Errno::ERANGE) { + Date.new(2000,1,1).strftime("%2147483647c") + } + assert_raise(ArgumentError, Errno::ERANGE) { + DateTime.new(2000,1,1).strftime("%2147483647c") + } + end end @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.2.6" #define RUBY_RELEASE_DATE "2016-08-16" -#define RUBY_PATCHLEVEL 366 +#define RUBY_PATCHLEVEL 367 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 8 |
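Review bot: In the digit case of `date_strftime_with_tmx` the new guard bounds `prec` by `maxsize`, the size of the whole output buffer, not by the space still free at that point (`endp - s`, with `endp` set at the top of the function). A precision that fits the buffer but not what is left of it therefore still passes, and must be caught where the padding is written; that code is outside the hunk, so I cannot confirm that it is. The early `return 0` with `errno = ERANGE` is also a new failure mode that the header comment `/* strftime --- produce formatted time */` does not mention, and a caller can only tell it apart from an ordinary too-small-buffer 0 if it clears `errno` before the call. I would document both at the check, e.g. `/* coarse bound against the whole buffer, not the space left; returns 0 with errno == ERANGE */`. `INT_MAX` and `ERANGE` need `<limits.h>` and `<errno.h>`; the include block is not part of this diff, so that is worth confirming as well.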
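Review bot: Both assertions in `test_overflow` use the width 2147483647, which equals `INT_MAX`, so the `prec > INT_MAX` half of the new guard in date_strftime.c is never exercised; these inputs are presumably rejected by the `prec > maxsize` half alone. A case one above the limit, and one large enough to overflow `strtoul`, would cover the rest, e.g. `assert_raise(ArgumentError, Errno::ERANGE) { Date.new(2000,1,1).strftime("%2147483648c") }`. Listing two exception classes also means the test does not pin which error the user actually sees; if `Errno::ERANGE` is the intended one, assert that alone.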