diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | dir.c | 22 | ||||
-rw-r--r-- | test/ruby/test_dir.rb | 5 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 26 insertions, 13 deletions
@@ -1,3 +1,13 @@ +Wed Mar 28 19:24:20 2018 Nobuyoshi Nakada <nobu@ruby-lang.org> + + dir.c: check NUL bytes + + * dir.c (GlobPathValue): should be used in rb_push_glob only. + other methods should use FilePathValue. + https://hackerone.com/reports/302338 + + * dir.c (rb_push_glob): expand GlobPathValue + Wed Mar 28 18:04:37 2018 Eric Wong <normalperson@yhbt.net> webrick: prevent response splitting and header injection @@ -449,15 +449,6 @@ static const rb_data_type_t dir_data_type = { static VALUE dir_close(VALUE); -#define GlobPathValue(str, safe) \ - /* can contain null bytes as separators */ \ - (!RB_TYPE_P((str), T_STRING) ? \ - (void)FilePathValue(str) : \ - (void)(check_safe_glob((str), (safe)), \ - check_glob_encoding(str), (str))) -#define check_safe_glob(str, safe) ((safe) ? rb_check_safe_obj(str) : (void)0) -#define check_glob_encoding(str) rb_enc_check((str), rb_enc_from_encoding(rb_usascii_encoding())) - static VALUE dir_s_alloc(VALUE klass) { @@ -506,7 +497,7 @@ dir_initialize(int argc, VALUE *argv, VALUE dir) } } - GlobPathValue(dirname, FALSE); + FilePathValue(dirname); orig = rb_str_dup_frozen(dirname); dirname = rb_str_encode_ospath(dirname); dirname = rb_str_dup_frozen(dirname); @@ -2185,7 +2176,14 @@ rb_push_glob(VALUE str, int flags) /* '\0' is delimiter */ long offset = 0; VALUE ary; - GlobPathValue(str, TRUE); + /* can contain null bytes as separators */ + if (!RB_TYPE_P((str), T_STRING)) { + FilePathValue(str); + } + else { + rb_check_safe_obj(str); + rb_enc_check(str, rb_enc_from_encoding(rb_usascii_encoding())); + } ary = rb_ary_new(); while (offset < RSTRING_LEN(str)) { @@ -2215,7 +2213,7 @@ dir_globs(long argc, const VALUE *argv, int flags) for (i = 0; i < argc; ++i) { int status; VALUE str = argv[i]; - GlobPathValue(str, TRUE); + FilePathValue(str); status = push_glob(ary, str, flags); if (status) GLOB_JUMP_TAG(status); } diff --git a/test/ruby/test_dir.rb b/test/ruby/test_dir.rb index 0cc5a6aa9b..c66c796f3f 100644 --- a/test/ruby/test_dir.rb +++ b/test/ruby/test_dir.rb @@ -156,6 +156,9 @@ class TestDir < Test::Unit::TestCase open(File.join(@root, "}}a"), "wb") {} assert_equal(%w(}}{} }}a).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '}}{\{\},a}'))) assert_equal(%w(}}{} }}a b c).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '{\}\}{\{\},a},b,c}'))) + assert_raise(ArgumentError) { + Dir.glob([[@root, File.join(@root, "*")].join("\0")]) + } end def test_glob_recursive @@ -191,10 +194,12 @@ class TestDir < Test::Unit::TestCase def test_entries assert_entries(Dir.open(@root) {|dir| dir.entries}) + assert_raise(ArgumentError) {Dir.entries(@root+"\0")} end def test_foreach assert_entries(Dir.foreach(@root).to_a) + assert_raise(ArgumentError) {Dir.foreach(@root+"\0").to_a} end def test_dir_enc @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.7" #define RUBY_RELEASE_DATE "2018-03-28" -#define RUBY_PATCHLEVEL 450 +#define RUBY_PATCHLEVEL 451 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 3 |