authorshyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-05-06 06:19:17 +0000
committershyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-05-06 06:19:17 +0000
commite3a69233e6563e6c95ccdc1040afa00db7b795e9 (patch)
tree2b31f4d497f14154f0a57c9b4536ad5d9b89e80c
parentbe237a9d8fad158f7cd0fd58b25eaf5884ab1664 (diff)
* ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
silently ignoring lesser significant digits. Required buffer length can be computable so you might at first think of allocating enough memory space on the fly using alloca(). That is a wrong idea because when using alloca there is always risk of integer overflow. A function that accepts outer-process resources like this should not blindly trust its inputs. In this particular case we just want to generate milliseconds resolution by strtod() so the string in question needs no more length than what we originally have. Ignoring lesser significant digits should suffice I believe. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog14
-rw-r--r--ext/syck/rubyext.c6
2 files changed, 14 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index d3ddc2e4ef6..173de3c0a68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+Fri May 6 15:01:11 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
+
+ * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
+ silently ignoring lesser significant digits. Required buffer
+ length can be computable so you might at first think of
+ allocating enough memory space on the fly using alloca(). That
+ is a wrong idea because when using alloca there is always risk
+ of integer overflow. A function that accepts outer-process
+ resources like this should not blindly trust its inputs. In
+ this particular case we just want to generate miliseconds
+ resolution by strtod() so the string in question needs no more
+ length than what we originally have. Ignoring lesser
+ significant digits should suffice I believe.
+
Fri May 6 14:25:53 2011 Tinco Andringa <mail@tinco.nl>
* ext/syck/rubyext.c (mktime_do): YAML.load time correctly parse
diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c
index b7ab817002c..970b64ed05d 100644
--- a/ext/syck/rubyext.c
+++ b/ext/syck/rubyext.c
@@ -281,12 +281,6 @@ mktime_do(VALUE varg)
while ( isdigit( *end ) ) end++;
length = (int)(end - begin) <= padding ? (int)(end - begin) : padding;
MEMCPY(padded, begin, char, length);
- length = (int)(end - begin);
- if (length > padding) {
- length = length - padding;
- MEMCPY(padded + offset, begin + padding, char, length);
- }
-
usec = strtod(padded, NULL);
}
else
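Review bot: The clamp on the retained `length = ...` line still narrows `end - begin` to `int` before comparing it with `padding`, so a digit run longer than INT_MAX could turn negative, pass the `<= padding` test and reach MEMCPY as a huge size; compare in the pointer-difference type first, e.g. `ptrdiff_t n = end - begin; length = n < padding ? (int)n : padding;`. The scan just above it passes a plain `char` to `isdigit`, which is undefined for negative values, so `isdigit((unsigned char)*end)` is safer for bytes that come from a parsed document. The declarations of `padded`, `padding` and `offset` are outside the hunk, so it is worth confirming that `padded` stays NUL-terminated for `strtod` and that `offset` is not left unused after the removal. mktime_do's body starts and ends outside the hunk.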