From 3e6337b88b5255aba07b8f44de72cd5885f59465 Mon Sep 17 00:00:00 2001
From: eregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 27 Oct 2018 10:48:40 +0000
Subject: Update to ruby/spec@8b743a3

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 spec/ruby/security/cve_2018_16396_spec.rb | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 spec/ruby/security/cve_2018_16396_spec.rb

(limited to 'spec/ruby/security')

diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb
new file mode 100644
index 0000000000..e462e0022d
--- /dev/null
+++ b/spec/ruby/security/cve_2018_16396_spec.rb
@@ -0,0 +1,21 @@
+require_relative '../spec_helper'
+
+describe "Array#pack" do
+
+  it "resists CVE-2018-16396 by tainting output based on input" do
+    "aAZBbHhuMmPp".each_char do |f|
+      ["123456".taint].pack(f).tainted?.should be_true
+    end
+  end
+
+end
+
+describe "String#unpack" do
+
+  it "resists CVE-2018-16396 by tainting output based on input" do
+    "aAZBbHhuMm".each_char do |f|
+      "123456".taint.unpack(f).first.tainted?.should be_true
+    end
+  end
+
+end
-- 
cgit v1.2.1