summaryrefslogtreecommitdiff
path: root/ext/date
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-06-14 13:07:27 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-06-14 13:07:27 +0000
commit58e8c9c895cc21473d6e46978666016a6e627d5f (patch)
treedffcde8d3bebe3d52afb48147cfc787d20a05360 /ext/date
parent40799e5ef9dd1bcbb7a84564a9bfa45af21c4d02 (diff)
date_strftime.c: check precision
* ext/date/date_strftime.c (date_strftime_with_tmx): reject too large precision to get rid of buffer overflow. reported by Guido Vranken <guido AT guidovranken.nl>. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/date')
-rw-r--r--ext/date/date_strftime.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/ext/date/date_strftime.c b/ext/date/date_strftime.c
index 20931a3..9d8167b 100644
--- a/ext/date/date_strftime.c
+++ b/ext/date/date_strftime.c
@@ -48,7 +48,7 @@ downcase(char *s, size_t i)
/* strftime --- produce formatted time */
static size_t
-date_strftime_with_tmx(char *s, size_t maxsize, const char *format,
+date_strftime_with_tmx(char *s, const size_t maxsize, const char *format,
const struct tmx *tmx)
{
char *endp = s + maxsize;
@@ -575,7 +575,12 @@ date_strftime_with_tmx(char *s, size_t maxsize, const char *format,
case '5': case '6': case '7': case '8': case '9':
{
char *e;
- precision = (int)strtoul(format, &e, 10);
+ unsigned long prec = strtoul(format, &e, 10);
+ if (prec > INT_MAX || prec > maxsize) {
+ errno = ERANGE;
+ return 0;
+ }
+ precision = (int)prec;
format = e - 1;
goto again;
}