file.c: fix buffer overflow

* file.c (rb_readlink): fix buffer overflow on a long symlink. since rb_str_modify_expand() expands from its length but not its capacity, need to set the length properly for each expansion. [ruby-core:58592] [Bug #9157] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43853 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2013-11-26 07:30:37 +00:00 · 2013-11-26 07:30:37 +00:00 · 079009fb93
commit 079009fb93
parent adcd0174b9
3 changed files with 26 additions and 0 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Tue Nov 26 16:30:31 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* file.c (rb_readlink): fix buffer overflow on a long symlink. since
+	  rb_str_modify_expand() expands from its length but not its capacity,
+	  need to set the length properly for each expansion.
+	  [ruby-core:58592] [Bug #9157]
+
 Tue Nov 26 14:23:17 2013  Aman Gupta <ruby@tmm1.net>

 	* ext/objspace/objspace_dump.c (dump_append_string_value): Escape
--- a/file.c
+++ b/file.c
@ -2618,6 +2618,7 @@ rb_readlink(VALUE path)
 	) {
 	rb_str_modify_expand(v, size);
 	size *= 2;
+	rb_str_set_len(v, size);
    }
    if (rv < 0) {
 	rb_str_resize(v, 0);
--- a/test/ruby/test_file_exhaustive.rb
+++ b/test/ruby/test_file_exhaustive.rb
@ -391,6 +391,24 @@ class TestFileExhaustive < Test::Unit::TestCase
  rescue NotImplementedError
  end

+  def test_readlink_long_path
+    return unless @symlinkfile
+    bug9157 = '[ruby-core:58592] [Bug #9157]'
+    assert_separately(["-", @symlinkfile, bug9157], <<-"end;")
+      symlinkfile, bug9157 = *ARGV
+      100.step(1000, 100) do |n|
+        File.unlink(symlinkfile)
+        link = "foo"*n
+        begin
+          File.symlink(link, symlinkfile)
+        rescue Errno::ENAMETOOLONG
+          break
+        end
+        assert_equal(link, File.readlink(symlinkfile), bug9157)
+      end
+    end;
+  end
+
  def test_unlink
    assert_equal(1, File.unlink(@file))
    make_file("foo", @file)