kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

dir.c: check NUL bytes

Browse source 
* dir.c (GlobPathValue): should be used in rb_push_glob only.
  other methods should use FilePathValue.
  https://hackerone.com/reports/302338

* dir.c (rb_push_glob): expand GlobPathValue

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62989 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2018-03-28 09:58:52 +00:00
parent 22a4e6ac7a
commit bd5661a3cb
2 changed files with 20 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
dir.c
View file

@ -472,15 +472,6 @@ static const rb_data_type_t dir_data_type = {
static VALUE dir_close(VALUE); static VALUE dir_close(VALUE);
#define GlobPathValue(str, safe) \
/* can contain null bytes as separators */ \
(!RB_TYPE_P((str), T_STRING) ? \
(void)FilePathValue(str) : \
(void)(check_safe_glob((str), (safe)), \
check_glob_encoding(str), (str)))
#define check_safe_glob(str, safe) ((safe) ? rb_check_safe_obj(str) : (void)0)
#define check_glob_encoding(str) rb_enc_check((str), rb_enc_from_encoding(rb_usascii_encoding()))
static VALUE static VALUE
dir_s_alloc(VALUE klass) dir_s_alloc(VALUE klass)
{ {
@ -551,7 +542,7 @@ dir_initialize(int argc, VALUE *argv, VALUE dir)
} }
} }
GlobPathValue(dirname, FALSE); FilePathValue(dirname);
orig = rb_str_dup_frozen(dirname); orig = rb_str_dup_frozen(dirname);
dirname = rb_str_encode_ospath(dirname); dirname = rb_str_encode_ospath(dirname);
dirname = rb_str_dup_frozen(dirname); dirname = rb_str_dup_frozen(dirname);
@ -2545,7 +2536,14 @@ rb_push_glob(VALUE str, VALUE base, int flags) /* '\0' is delimiter */
long offset = 0; long offset = 0;
VALUE ary; VALUE ary;
GlobPathValue(str, TRUE); /* can contain null bytes as separators */
if (!RB_TYPE_P((str), T_STRING)) {
FilePathValue(str);
}
else {
rb_check_safe_obj(str);
rb_enc_check(str, rb_enc_from_encoding(rb_usascii_encoding()));
}
ary = rb_ary_new(); ary = rb_ary_new();
while (offset < RSTRING_LEN(str)) { while (offset < RSTRING_LEN(str)) {
@ -2575,7 +2573,7 @@ dir_globs(long argc, const VALUE *argv, VALUE base, int flags)
for (i = 0; i < argc; ++i) { for (i = 0; i < argc; ++i) {
int status; int status;
VALUE str = argv[i]; VALUE str = argv[i];
GlobPathValue(str, TRUE); FilePathValue(str);
status = push_glob(ary, str, base, flags); status = push_glob(ary, str, base, flags);
if (status) GLOB_JUMP_TAG(status); if (status) GLOB_JUMP_TAG(status);
} }
@ -2600,7 +2598,7 @@ dir_glob_options(VALUE opt, VALUE *base, int *flags)
} }
#endif #endif
else { else {
GlobPathValue(args[0], TRUE); FilePathValue(args[0]);
if (!RSTRING_LEN(args[0])) args[0] = Qnil; if (!RSTRING_LEN(args[0])) args[0] = Qnil;
*base = args[0]; *base = args[0];
} }
@ -3185,7 +3183,7 @@ rb_dir_s_empty_p(VALUE obj, VALUE dirname)
const char *path; const char *path;
enum {false_on_notdir = 1}; enum {false_on_notdir = 1};
GlobPathValue(dirname, FALSE); FilePathValue(dirname);
orig = rb_str_dup_frozen(dirname); orig = rb_str_dup_frozen(dirname);
dirname = rb_str_encode_ospath(dirname); dirname = rb_str_encode_ospath(dirname);
dirname = rb_str_dup_frozen(dirname); dirname = rb_str_dup_frozen(dirname);

8
test/ruby/test_dir.rb
View file

@ -156,6 +156,9 @@ class TestDir < Test::Unit::TestCase
open(File.join(@root, "}}a"), "wb") {} open(File.join(@root, "}}a"), "wb") {}
assert_equal(%w(}}{} }}a).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '}}{\{\},a}'))) assert_equal(%w(}}{} }}a).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '}}{\{\},a}')))
assert_equal(%w(}}{} }}a b c).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '{\}\}{\{\},a},b,c}'))) assert_equal(%w(}}{} }}a b c).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '{\}\}{\{\},a},b,c}')))
assert_raise(ArgumentError) {
Dir.glob([[@root, File.join(@root, "*")].join("\0")])
}
end end
def test_glob_recursive def test_glob_recursive
@ -229,21 +232,25 @@ class TestDir < Test::Unit::TestCase
def test_entries def test_entries
assert_entries(Dir.open(@root) {|dir| dir.entries}) assert_entries(Dir.open(@root) {|dir| dir.entries})
assert_entries(Dir.entries(@root).to_a) assert_entries(Dir.entries(@root).to_a)
assert_raise(ArgumentError) {Dir.entries(@root+"\0")}
end end
def test_foreach def test_foreach
assert_entries(Dir.open(@root) {|dir| dir.each.to_a}) assert_entries(Dir.open(@root) {|dir| dir.each.to_a})
assert_entries(Dir.foreach(@root).to_a) assert_entries(Dir.foreach(@root).to_a)
assert_raise(ArgumentError) {Dir.foreach(@root+"\0").to_a}
end end
def test_children def test_children
assert_entries(Dir.open(@root) {|dir| dir.children}, true) assert_entries(Dir.open(@root) {|dir| dir.children}, true)
assert_entries(Dir.children(@root), true) assert_entries(Dir.children(@root), true)
assert_raise(ArgumentError) {Dir.children(@root+"\0")}
end end
def test_each_child def test_each_child
assert_entries(Dir.open(@root) {|dir| dir.each_child.to_a}, true) assert_entries(Dir.open(@root) {|dir| dir.each_child.to_a}, true)
assert_entries(Dir.each_child(@root).to_a, true) assert_entries(Dir.each_child(@root).to_a, true)
assert_raise(ArgumentError) {Dir.each_child(@root+"\0").to_a}
end end
def test_dir_enc def test_dir_enc
@ -400,6 +407,7 @@ class TestDir < Test::Unit::TestCase
end end
assert_raise(Errno::ENOENT) {Dir.empty?(@nodir)} assert_raise(Errno::ENOENT) {Dir.empty?(@nodir)}
assert_not_send([Dir, :empty?, File.join(@root, "b")]) assert_not_send([Dir, :empty?, File.join(@root, "b")])
assert_raise(ArgumentError) {Dir.empty?(@root+"\0")}
end end
def test_glob_gc_for_fd def test_glob_gc_for_fd