From 47165eed264d357e78e27371cfef20d5c2bde5d9 Mon Sep 17 00:00:00 2001 From: usa Date: Wed, 28 Mar 2018 14:36:23 +0000 Subject: [PATCH] merge revision(s) 62991,63000: unixsocket.c: check NUL bytes * ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes. https://hackerone.com/reports/302997 unixsocket.c: abstract namespace * ext/socket/unixsocket.c (unixsock_path_value): fix r62991 for Linux abstract namespace. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63018 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 12 ++++++++++++ ext/socket/unixsocket.c | 24 +++++++++++++++++++++++- test/socket/test_unix.rb | 10 ++++++++++ version.h | 2 +- 4 files changed, 46 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d6fffaf9f4..c28b553cb2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +Wed Mar 28 23:35:28 2018 Nobuyoshi Nakada + + unixsocket.c: check NUL bytes + + * ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes. + https://hackerone.com/reports/302997 + + unixsocket.c: abstract namespace + + * ext/socket/unixsocket.c (unixsock_path_value): fix r62991 for + Linux abstract namespace. + Wed Mar 28 23:30:32 2018 SHIBATA Hiroshi Ignore file separator from tmpfile/tmpdir name. diff --git a/ext/socket/unixsocket.c b/ext/socket/unixsocket.c index 9a4c2cfc01..d80526c322 100644 --- a/ext/socket/unixsocket.c +++ b/ext/socket/unixsocket.c @@ -25,6 +25,28 @@ unixsock_connect_internal(VALUE a) arg->sockaddrlen, 0); } +static VALUE +unixsock_path_value(VALUE path) +{ +#ifdef __linux__ +#define TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE 0 + + VALUE name = path; +#if TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE + const int isstr = !NIL_P(name = rb_check_string_type(name)); +#else + const int isstr = RB_TYPE_P(name, T_STRING); +#endif + if (isstr) { + if (RSTRING_LEN(name) == 0 || RSTRING_PTR(name)[0] == '\0') { + rb_check_safe_obj(name); + return name; /* ignore encoding */ + } + } +#endif + return rb_get_path(path); +} + VALUE rsock_init_unixsock(VALUE sock, VALUE path, int server) { @@ -33,7 +55,7 @@ rsock_init_unixsock(VALUE sock, VALUE path, int server) int fd, status; rb_io_t *fptr; - SafeStringValue(path); + path = unixsock_path_value(path); INIT_SOCKADDR_UN(&sockaddr, sizeof(struct sockaddr_un)); if (sizeof(sockaddr.sun_path) < (size_t)RSTRING_LEN(path)) { diff --git a/test/socket/test_unix.rb b/test/socket/test_unix.rb index 866c83906e..004c5693ae 100644 --- a/test/socket/test_unix.rb +++ b/test/socket/test_unix.rb @@ -263,6 +263,16 @@ class TestSocket_UNIXSocket < Test::Unit::TestCase File.unlink path if path && File.socket?(path) end + def test_open_nul_byte + tmpfile = Tempfile.new("s") + path = tmpfile.path + tmpfile.close(true) + assert_raise(ArgumentError) {UNIXServer.open(path+"\0")} + assert_raise(ArgumentError) {UNIXSocket.open(path+"\0")} + ensure + File.unlink path if path && File.socket?(path) + end + def test_addr bound_unix_socket(UNIXServer) {|serv, path| UNIXSocket.open(path) {|c| diff --git a/version.h b/version.h index 4bb2de3339..72af22fbaf 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.2.10" #define RUBY_RELEASE_DATE "2018-03-28" -#define RUBY_PATCHLEVEL 484 +#define RUBY_PATCHLEVEL 485 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 3