[rubygems/rubygems] Check requirements classes

Mitigate the security risk: https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html https://github.com/rubygems/rubygems/commit/141c2f4388
author: Nobuyoshi Nakada <nobu@ruby-lang.org> 2021-06-04 10:38:43 +0900
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2021-07-27 09:25:56 +0900
commit: 803c60858e42463d33a00950883b17b1c38a2347 (patch)
tree: f487dd700b4087bda80b55032edaf3d6bb284e3e /lib
parent: 88e46cf6b83e2ca701cf122756fef9bc2550e845 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/rubygems/requirement.rb b/lib/rubygems/requirement.rb
index 0067f6304a..16de45ad91 100644
--- a/lib/rubygems/requirement.rb
+++ b/lib/rubygems/requirement.rb
@@ -199,6 +199,8 @@ class Gem::Requirement
 
   def marshal_load(array) # :nodoc:
     @requirements = array[0]
+
+    raise TypeError, "wrong @requirements" unless Array === @requirements
   end
 
   def yaml_initialize(tag, vals) # :nodoc:
author	Nobuyoshi Nakada <nobu@ruby-lang.org>	2021-06-04 10:38:43 +0900
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2021-07-27 09:25:56 +0900
commit	803c60858e42463d33a00950883b17b1c38a2347 (patch)
tree	f487dd700b4087bda80b55032edaf3d6bb284e3e /lib
parent	88e46cf6b83e2ca701cf122756fef9bc2550e845 (diff)