summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-11-26 07:30:37 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-11-26 07:30:37 +0000
commit079009fb93678e902777669c663ed6f651a05c85 (patch)
tree7f2d849ba6f739d3022f1353d411a7935362c683
parentadcd0174b97e09f3f1f1651f9d2399167ac313ee (diff)
file.c: fix buffer overflow
* file.c (rb_readlink): fix buffer overflow on a long symlink. since rb_str_modify_expand() expands from its length but not its capacity, need to set the length properly for each expansion. [ruby-core:58592] [Bug #9157] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43853 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog7
-rw-r--r--file.c1
-rw-r--r--test/ruby/test_file_exhaustive.rb18
3 files changed, 26 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index d16cc05ffd..e834f8ff92 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Nov 26 16:30:31 2013 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * file.c (rb_readlink): fix buffer overflow on a long symlink. since
+ rb_str_modify_expand() expands from its length but not its capacity,
+ need to set the length properly for each expansion.
+ [ruby-core:58592] [Bug #9157]
+
Tue Nov 26 14:23:17 2013 Aman Gupta <ruby@tmm1.net>
* ext/objspace/objspace_dump.c (dump_append_string_value): Escape
diff --git a/file.c b/file.c
index b14f42e1f8..77facacfcf 100644
--- a/file.c
+++ b/file.c
@@ -2618,6 +2618,7 @@ rb_readlink(VALUE path)
) {
rb_str_modify_expand(v, size);
size *= 2;
+ rb_str_set_len(v, size);
}
if (rv < 0) {
rb_str_resize(v, 0);
diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb
index 069e5592ca..ec4ff1c15c 100644
--- a/test/ruby/test_file_exhaustive.rb
+++ b/test/ruby/test_file_exhaustive.rb
@@ -391,6 +391,24 @@ class TestFileExhaustive < Test::Unit::TestCase
rescue NotImplementedError
end
+ def test_readlink_long_path
+ return unless @symlinkfile
+ bug9157 = '[ruby-core:58592] [Bug #9157]'
+ assert_separately(["-", @symlinkfile, bug9157], <<-"end;")
+ symlinkfile, bug9157 = *ARGV
+ 100.step(1000, 100) do |n|
+ File.unlink(symlinkfile)
+ link = "foo"*n
+ begin
+ File.symlink(link, symlinkfile)
+ rescue Errno::ENAMETOOLONG
+ break
+ end
+ assert_equal(link, File.readlink(symlinkfile), bug9157)
+ end
+ end;
+ end
+
def test_unlink
assert_equal(1, File.unlink(@file))
make_file("foo", @file)