mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

string.c: check arguments for crypt

* string.c (rb_str_crypt): check arguments more strictly.
  * crypt() is not for wide char strings
  * salt bytes should not be NUL

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48779 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
nobu 2014-12-12 01:49:20 +00:00
parent 9cabd72f5f
commit 01e621579a
3 changed files with 29 additions and 1 deletions


@ -1,3 +1,9 @@
Fri Dec 12 10:49:18 2014 Nobuyoshi Nakada <nobu@ruby-lang.org>
* string.c (rb_str_crypt): check arguments more strictly.
* crypt() is not for wide char strings
* salt bytes should not be NUL
Fri Dec 12 08:16:01 2014 Matt Hoyle <matt@deployable.co>
* io.c (io_read) Fix spelling in docco for read. [Fix GH-781]


@ -179,6 +179,15 @@ mustnot_broken(VALUE str)
}
}
static void
mustnot_wchar(VALUE str)
{
rb_encoding *enc = STR_ENC_GET(str);
if (rb_enc_mbminlen(enc) > 1) {
rb_raise(rb_eArgError, "wide char encoding: %s", rb_enc_name(enc));
}
}
static int fstring_cmp(VALUE a, VALUE b);
/* in case we restart MVM development, this needs to be per-VM */
@ -7629,12 +7638,17 @@ rb_str_crypt(VALUE str, VALUE salt)
#endif
StringValue(salt);
if (RSTRING_LEN(salt) < 2)
mustnot_wchar(str);
mustnot_wchar(salt);
if (RSTRING_LEN(salt) < 2) {
short_salt:
rb_raise(rb_eArgError, "salt too short (need >=2 bytes)");
}
s = RSTRING_PTR(str);
if (!s) s = "";
saltp = RSTRING_PTR(salt);
if (!saltp[0] || !saltp[1]) goto short_salt;
#ifdef BROKEN_CRYPT
if (!ISASCII((unsigned char)saltp[0]) || !ISASCII((unsigned char)saltp[1])) {
salt_8bit_clean[0] = saltp[0] & 0x7f;
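Review bot: An embedded NUL in `str` still passes the new checks in rb_str_crypt: `mustnot_wchar(str)` rejects only encodings whose minimum character width is above one byte, and `s = RSTRING_PTR(str)` is then treated as a C string, so a receiver with a NUL in the middle would presumably be hashed only up to that byte (the crypt() call itself is outside the hunk). Replacing `s = RSTRING_PTR(str);` and `if (!s) s = "";` with `s = StringValueCStr(str);` would raise ArgumentError on such input instead of silently shortening the password. The salt has the same gap past its second byte, since only `saltp[0]` and `saltp[1]` are tested, which matters wherever the platform crypt accepts longer salt formats. The NUL-salt path also reaches `short_salt` via `goto`, so the caller is told "salt too short" for a salt that is long enough but contains a NUL. rb_str_crypt begins and ends outside this hunk.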


@ -504,6 +504,14 @@ class TestString < Test::Unit::TestCase
def test_crypt
assert_equal(S('aaGUC/JkO9/Sc'), S("mypassword").crypt(S("aa")))
assert_not_equal(S('aaGUC/JkO9/Sc'), S("mypassword").crypt(S("ab")))
assert_raise(ArgumentError) {S("mypassword").crypt(S(""))}
assert_raise(ArgumentError) {S("mypassword").crypt(S("\0a"))}
assert_raise(ArgumentError) {S("mypassword").crypt(S("a\0"))}
[Encoding::UTF_16BE, Encoding::UTF_16LE,
Encoding::UTF_32BE, Encoding::UTF_32LE].each do |enc|
assert_raise(ArgumentError) {S("mypassword").crypt(S("aa".encode(enc)))}
assert_raise(ArgumentError) {S("mypassword".encode(enc)).crypt(S("aa"))}
end
end
def test_delete
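Review bot: The edge of the length check is not covered in test_crypt: the only short salt tried is `S("")`, so a one-byte salt never exercises `RSTRING_LEN(salt) < 2` at its boundary; add `assert_raise(ArgumentError) {S("mypassword").crypt(S("a"))}`. There is also no case for a receiver that contains a NUL byte, so the behaviour for such a password is left unpinned. Because every new assertion accepts any ArgumentError, the wide-char, NUL-salt and short-salt cases cannot be told apart; matching on the message as well (for example with `assert_raise_with_message`) would tie each case to the check it is meant to hit.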