merge revision(s) 62989:

dir.c: check NUL bytes

	* dir.c (GlobPathValue): should be used in rb_push_glob only.
	  other methods should use FilePathValue.
	  https://hackerone.com/reports/302338

	* dir.c (rb_push_glob): expand GlobPathValue

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63015 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,13 @@
+Wed Mar 28 23:27:23 2018  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	dir.c: check NUL bytes
+
+	* dir.c (GlobPathValue): should be used in rb_push_glob only.
+	  other methods should use FilePathValue.
+	  https://hackerone.com/reports/302338
+
+	* dir.c (rb_push_glob): expand GlobPathValue
+
 Sat Feb 17 01:24:49 2018  SHIBATA Hiroshi  <hsbt@ruby-lang.org>
 
 	Merge RubyGems 2.7.6 from upstream.

dir.c

@@ -423,15 +423,6 @@ static const rb_data_type_t dir_data_type = {
 
 static VALUE dir_close(VALUE);
 
-#define GlobPathValue(str, safe) \
-    /* can contain null bytes as separators */	\
-    (!RB_TYPE_P((str), T_STRING) ?		\
-     (void)FilePathValue(str) :			\
-     (void)(check_safe_glob((str), (safe)),		\
-      check_glob_encoding(str), (str)))
-#define check_safe_glob(str, safe) ((safe) ? rb_check_safe_obj(str) : (void)0)
-#define check_glob_encoding(str) rb_enc_check((str), rb_enc_from_encoding(rb_usascii_encoding()))
-
 static VALUE
 dir_s_alloc(VALUE klass)
 {
@@ -480,7 +471,7 @@ dir_initialize(int argc, VALUE *argv, VALUE dir)
 	}
     }
 
-    GlobPathValue(dirname, FALSE);
+    FilePathValue(dirname);
     orig = rb_str_dup_frozen(dirname);
     dirname = rb_str_encode_ospath(dirname);
     dirname = rb_str_dup_frozen(dirname);
@@ -2050,7 +2041,14 @@ rb_push_glob(VALUE str, int flags) /* '\0' is delimiter */
     long offset = 0;
     VALUE ary;
 
-    GlobPathValue(str, TRUE);
+    /* can contain null bytes as separators */
+    if (!RB_TYPE_P((str), T_STRING)) {
+	FilePathValue(str);
+    }
+    else {
+	rb_check_safe_obj(str);
+	rb_enc_check(str, rb_enc_from_encoding(rb_usascii_encoding()));
+    }
     ary = rb_ary_new();
 
     while (offset < RSTRING_LEN(str)) {
@@ -2080,7 +2078,7 @@ dir_globs(long argc, const VALUE *argv, int flags)
     for (i = 0; i < argc; ++i) {
 	int status;
 	VALUE str = argv[i];
-	GlobPathValue(str, TRUE);
+	FilePathValue(str);
 	status = push_glob(ary, str, flags);
 	if (status) GLOB_JUMP_TAG(status);
     }

test/ruby/test_dir.rb

@@ -149,6 +149,9 @@ class TestDir < Test::Unit::TestCase
 
     assert_equal([File.join(@root, "a")], Dir.glob(File.join(@root, 'a\\')))
     assert_equal((?a..?f).map {|f| File.join(@root, f) }.sort, Dir.glob(File.join(@root, '[abc/def]')).sort)
+    assert_raise(ArgumentError) {
+      Dir.glob([[@root, File.join(@root, "*")].join("\0")])
+    }
   end
 
   def test_glob_recursive
@@ -179,6 +182,7 @@ class TestDir < Test::Unit::TestCase
 
   def test_foreach
     assert_equal(Dir.foreach(@root).to_a.sort, %w(. ..) + (?a..?z).to_a)
+    assert_raise(ArgumentError) {Dir.foreach(@root+"\0").to_a}
   end
 
   def test_dir_enc

version.h

@@ -1,10 +1,10 @@
-#define RUBY_VERSION "2.2.9"
-#define RUBY_RELEASE_DATE "2018-02-17"
-#define RUBY_PATCHLEVEL 482
+#define RUBY_VERSION "2.2.10"
+#define RUBY_RELEASE_DATE "2018-03-28"
+#define RUBY_PATCHLEVEL 483
 
 #define RUBY_RELEASE_YEAR 2018
-#define RUBY_RELEASE_MONTH 2
-#define RUBY_RELEASE_DAY 17
+#define RUBY_RELEASE_MONTH 3
+#define RUBY_RELEASE_DAY 28
 
 #include "ruby/version.h"