From fd705262da0f3f311832085af35e8a44dff2f04d Mon Sep 17 00:00:00 2001
From: yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 15 Jan 2009 15:35:25 +0000
Subject: merges r21469 from trunk into ruby_1_9_1. * ext/socket/socket.c
 (sock_s_unpack_sockaddr_in): check too short   sockaddr.  
 (sock_s_unpack_sockaddr_un): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@21537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                  |  6 ++++++
 ext/socket/socket.c        | 10 ++++++++++
 test/socket/test_socket.rb |  2 ++
 3 files changed, 18 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 50fc7b5891..b0d8d64c72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Tue Jan 13 00:57:56 2009  Tanaka Akira  <akr@fsij.org>
+
+	* ext/socket/socket.c (sock_s_unpack_sockaddr_in): check too short
+	  sockaddr.
+	  (sock_s_unpack_sockaddr_un): ditto.
+
 Mon Jan 12 17:23:05 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* lib/test/unit/assertions.rb (assert_nothing_raised): removes the
diff --git a/ext/socket/socket.c b/ext/socket/socket.c
index 563a72679e..73a02d15f3 100644
--- a/ext/socket/socket.c
+++ b/ext/socket/socket.c
@@ -3484,6 +3484,11 @@ sock_s_unpack_sockaddr_in(VALUE self, VALUE addr)
     VALUE host;
 
     sockaddr = (struct sockaddr_in*)StringValuePtr(addr);
+    if (RSTRING_LEN(addr) <
+        (char*)&((struct sockaddr *)sockaddr)->sa_family +
+        sizeof(((struct sockaddr *)sockaddr)->sa_family) -
+        (char*)sockaddr)
+        rb_raise(rb_eArgError, "too short sockaddr");
     if (((struct sockaddr *)sockaddr)->sa_family != AF_INET
 #ifdef INET6
         && ((struct sockaddr *)sockaddr)->sa_family != AF_INET6
@@ -3530,6 +3535,11 @@ sock_s_unpack_sockaddr_un(VALUE self, VALUE addr)
     VALUE path;
 
     sockaddr = (struct sockaddr_un*)StringValuePtr(addr);
+    if (RSTRING_LEN(addr) <
+        (char*)&((struct sockaddr *)sockaddr)->sa_family +
+        sizeof(((struct sockaddr *)sockaddr)->sa_family) -
+        (char*)sockaddr)
+        rb_raise(rb_eArgError, "too short sockaddr");
     if (((struct sockaddr *)sockaddr)->sa_family != AF_UNIX) {
         rb_raise(rb_eArgError, "not an AF_UNIX sockaddr");
     }
diff --git a/test/socket/test_socket.rb b/test/socket/test_socket.rb
index 90f1037db8..898bb1f297 100644
--- a/test/socket/test_socket.rb
+++ b/test/socket/test_socket.rb
@@ -82,6 +82,8 @@ class TestSocket < Test::Unit::TestCase
     assert_raise(ArgumentError) { Socket.unpack_sockaddr_un(sockaddr_in) }
     sockaddr_un = Socket.sockaddr_un("/tmp/s")
     assert_raise(ArgumentError) { Socket.unpack_sockaddr_in(sockaddr_un) }
+    assert_raise(ArgumentError) { Socket.unpack_sockaddr_in("") }
+    assert_raise(ArgumentError) { Socket.unpack_sockaddr_un("") }
   end if Socket.respond_to?(:sockaddr_un)
 
   def test_sysaccept
-- 
cgit v1.2.3