diff options
-rw-r--r-- | ChangeLog | 25 | ||||
-rw-r--r-- | defines.h | 8 | ||||
-rw-r--r-- | file.c | 40 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 61 insertions, 14 deletions
@@ -1,3 +1,28 @@ +Sun Jun 15 23:02:12 2008 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * lib/webrick/httpservlet/filehandler.rb: should normalize path + name in path_info to prevent script disclosure vulnerability on + DOSISH filesystems. (fix: CVE-2008-1891) + Note: NTFS/FAT filesystem should not be published by the platforms + other than Windows. Pathname interpretation (including short + filename) is less than perfect. + + * lib/webrick/httpservlet/abstract.rb + (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri): + should escape the value of Location: header. + + * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter + command line arguments. + +Sun Jun 15 23:02:12 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * file.c (file_expand_path): support for alternative data stream + and ignored trailing garbages of NTFS. + + * file.c (rb_file_s_basename): ditto. + + * file.c (rb_file_s_extname): ditto. + Sun Jun 15 22:53:20 2008 Yukihiro Matsumoto <matz@ruby-lang.org> * string.c (rb_str_cat): fixed buffer overrun reported by @@ -251,6 +251,14 @@ void rb_ia64_flushrs(void); #define ENV_IGNORECASE #endif +#ifndef CASEFOLD_FILESYSTEM +# if defined DOSISH || defined __VMS +# define CASEFOLD_FILESYSTEM 1 +# else +# define CASEFOLD_FILESYSTEM 0 +# endif +#endif + #ifndef DLEXT_MAXLEN #define DLEXT_MAXLEN 4 #endif @@ -2315,6 +2315,18 @@ rb_file_s_umask(argc, argv) #define isdirsep(x) ((x) == '/') #endif +#if defined _WIN32 || defined __CYGWIN__ +#define USE_NTFS 1 +#else +#define USE_NTFS 0 +#endif + +#if USE_NTFS +#define istrailinggabage(x) ((x) == '.' || (x) == ' ') +#else +#define istrailinggabage(x) 0 +#endif + #ifndef CharNext /* defined as CharNext[AW] on Windows. */ # if defined(DJGPP) # define CharNext(p) ((p) + mblen(p, MB_CUR_MAX)) @@ -2741,23 +2753,17 @@ file_expand_path(fname, dname, result) if (p == skiproot(buf) - 1) p++; buflen = p - buf; - RSTRING(result)->len = buflen; - *p = '\0'; #if USE_NTFS - if (1 && -#ifdef __CYGWIN__ - !(buf[0] == '/' && !buf[1]) && -#endif - !strpbrk(b = buf, "*?")) { + *p = '\0'; + if (!strpbrk(b = buf, "*?")) { size_t len; WIN32_FIND_DATA wfd; #ifdef __CYGWIN__ - int lnk_added = 0, is_symlink = 0; + int lnk_added = 0; struct stat st; char w32buf[MAXPATHLEN], sep = 0; p = 0; if (lstat(buf, &st) == 0 && S_ISLNK(st.st_mode)) { - is_symlink = 1; p = strrdirsep(buf); if (!p) p = skipprefix(buf); if (p) { @@ -2770,7 +2776,8 @@ file_expand_path(fname, dname, result) } if (p) *p = sep; else p = buf; - if (is_symlink && b == w32buf) { + if (b == w32buf) { + strlcat(w32buf, p, sizeof(w32buf)); len = strlen(p); if (len > 4 && strcasecmp(p + len - 4, ".lnk") != 0) { lnk_added = 1; @@ -2798,6 +2805,8 @@ file_expand_path(fname, dname, result) #endif if (tainted) OBJ_TAINT(result); + RSTRING(result)->len = buflen; + RSTRING(result)->ptr[buflen] = '\0'; return result; } @@ -2860,7 +2869,12 @@ rmext(p, l1, e) } if (l1 < l2) return l1; - if (strncmp(p+l1-l2, e, l2) == 0) { +#if CASEFOLD_FILESYSTEM +#define fncomp strncasecmp +#else +#define fncomp strncmp +#endif + if (fncomp(p+l1-l2, e, l2) == 0) { return l1-l2; } return 0; @@ -3023,7 +3037,7 @@ rb_file_s_extname(klass, fname) if (!p) p = name; else - name = ++p; + p++; e = 0; while (*p) { @@ -3053,7 +3067,7 @@ rb_file_s_extname(klass, fname) break; p = CharNext(p); } - if (!e || e == name || e+1 == p) /* no dot, or the only dot is first or end? */ + if (!e || e+1 == p) /* no dot, or the only dot is first or end? */ return rb_str_new(0, 0); extname = rb_str_new(e, p - e); /* keep the dot, too! */ OBJ_INFECT(extname, fname); @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2008-06-15" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20080615 -#define RUBY_PATCHLEVEL 209 +#define RUBY_PATCHLEVEL 210 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 |