rpms / ruby

Clone
Source Code
GIT

Blame SOURCES/ruby-2.5.0-Fixed-command-Injection.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-2.5 c8-beta-stream-2.6 c8-beta-stream-2.7 c8-beta-stream-3.0 c8-beta-stream-3.1 c8-stream-2.5 c8-stream-2.6 c8-stream-2.7 c8-stream-3.0 c8-stream-3.1 c8s-stream-2.5 c8s-stream-2.6 c8s-stream-2.7 c8s-stream-3.0 c8s-stream-3.1 c9 c9-beta c9-beta-stream-3.1 c9-stream-3.1
  1.   041d869a14b8d583ffda6d72a7d52007a4c08998
  2.   SOURCES
  3.   ruby-2.5.0-Fixed-command-Injection.patch
Blob History Raw
8ca061 
From ba0d5f7a6df6ba5545c3ce0b09e107e10d082d49 Mon Sep 17 00:00:00 2001
8ca061 
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
8ca061 
Date: Wed, 20 Dec 2017 04:18:31 +0000
8ca061 
Subject: [PATCH 1/3] Fixed command Injection
8ca061
8ca061 
* resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential
8ca061 
  command Injection in Hosts::new() by use of Kernel#open.
8ca061 
  [Fix GH-1777] [ruby-core:84347] [Bug #14205]
8ca061
8ca061 
From: Drigg3r <drigg3r@yandex.com>
8ca061
8ca061 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
8ca061 
---
8ca061 
 lib/resolv.rb | 2 +-
8ca061 
 1 file changed, 1 insertion(+), 1 deletion(-)
8ca061
8ca061 
diff --git a/lib/resolv.rb b/lib/resolv.rb
8ca061 
index 1044b95e68..56183b837d 100644
8ca061 
--- a/lib/resolv.rb
8ca061 
+++ b/lib/resolv.rb
8ca061 
@@ -186,7 +186,7 @@ def lazy_initialize # :nodoc:
8ca061 
         unless @initialized
8ca061 
           @name2addr = {}
8ca061 
           @addr2name = {}
8ca061 
-          open(@filename, 'rb') {|f|
8ca061 
+          File.open(@filename, 'rb') {|f|
8ca061 
             f.each {|line|
8ca061 
               line.sub!(/#.*/, '')
8ca061 
               addr, hostname, *aliases = line.split(/\s+/)
8ca061 
--
8ca061 
2.15.1
8ca061
8ca061
8ca061 
From 0b6213635018ef73567388c1095ad1c556e1f4ee Mon Sep 17 00:00:00 2001
8ca061 
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
8ca061 
Date: Wed, 20 Dec 2017 04:25:01 +0000
8ca061 
Subject: [PATCH 2/3] Fixed command Injection
8ca061
8ca061 
* lib/resolv.rb (Resolv::Config.parse_resolv_conf): fixed
8ca061 
  potential command injection by use of Kernel#open.
8ca061 
  [ruby-core:84347] [Bug #14205]
8ca061
8ca061 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
8ca061 
---
8ca061 
 lib/resolv.rb            |  2 +-
8ca061 
 test/resolv/test_addr.rb | 11 +++++++++++
8ca061 
 test/resolv/test_dns.rb  | 10 ++++++++++
8ca061 
 3 files changed, 22 insertions(+), 1 deletion(-)
8ca061
8ca061 
diff --git a/lib/resolv.rb b/lib/resolv.rb
8ca061 
index 56183b837d..48ee400efe 100644
8ca061 
--- a/lib/resolv.rb
8ca061 
+++ b/lib/resolv.rb
8ca061 
@@ -904,7 +904,7 @@ def Config.parse_resolv_conf(filename)
8ca061 
         nameserver = []
8ca061 
         search = nil
8ca061 
         ndots = 1
8ca061 
-        open(filename, 'rb') {|f|
8ca061 
+        File.open(filename, 'rb') {|f|
8ca061 
           f.each {|line|
8ca061 
             line.sub!(/[#;].*/, '')
8ca061 
             keyword, *args = line.split(/\s+/)
8ca061 
diff --git a/test/resolv/test_addr.rb b/test/resolv/test_addr.rb
8ca061 
index 4a2df5bfca..78a28c9633 100644
8ca061 
--- a/test/resolv/test_addr.rb
8ca061 
+++ b/test/resolv/test_addr.rb
8ca061 
@@ -26,4 +26,15 @@ def test_invalid_byte_comment
8ca061 
       end
8ca061 
     end
8ca061 
   end
8ca061 
+
8ca061 
+  def test_hosts_by_command
8ca061 
+    Dir.mktmpdir do |dir|
8ca061 
+      Dir.chdir(dir) do
8ca061 
+        hosts = Resolv::Hosts.new("|echo error")
8ca061 
+        assert_raise(Errno::ENOENT) do
8ca061 
+          hosts.each_name("") {}
8ca061 
+        end
8ca061 
+      end
8ca061 
+    end
8ca061 
+  end
8ca061 
 end
8ca061 
diff --git a/test/resolv/test_dns.rb b/test/resolv/test_dns.rb
8ca061 
index f21a094b20..8236078374 100644
8ca061 
--- a/test/resolv/test_dns.rb
8ca061 
+++ b/test/resolv/test_dns.rb
8ca061 
@@ -176,6 +176,16 @@ def test_invalid_byte_comment
8ca061 
     end
8ca061 
   end
8ca061
8ca061 
+  def test_resolv_conf_by_command
8ca061 
+    Dir.mktmpdir do |dir|
8ca061 
+      Dir.chdir(dir) do
8ca061 
+        assert_raise(Errno::ENOENT) do
8ca061 
+          Resolv::DNS::Config.parse_resolv_conf("|echo foo")
8ca061 
+        end
8ca061 
+      end
8ca061 
+    end
8ca061 
+  end
8ca061 
+
8ca061 
   def test_dots_diffences
8ca061 
     name1 = Resolv::DNS::Name.create("example.org")
8ca061 
     name2 = Resolv::DNS::Name.create("ex.ampl.eo.rg")
8ca061 
--
8ca061 
2.15.1
8ca061
8ca061
8ca061 
From dd71a5a9a459dbda9b9a4786f6a0b5bd59a81aae Mon Sep 17 00:00:00 2001
8ca061 
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
8ca061 
Date: Wed, 20 Dec 2017 16:04:41 +0000
8ca061 
Subject: [PATCH 3/3] fix test errors on Windows
8ca061
8ca061 
	* test/resolv/test_addr.rb (test_hosts_by_command): on Windows, `|` is
8ca061 
	  invalid charactor for path and raises `Errno::EINVAL` if trying to
8ca061 
	  open.
8ca061
8ca061 
	* test/resolv/test_dns.rb (test_resolv_conf_by_command): ditto.
8ca061
8ca061 
	cf. [Bug #14205]
8ca061
8ca061
8ca061 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61374 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
8ca061 
---
8ca061 
 test/resolv/test_addr.rb | 2 +-
8ca061 
 test/resolv/test_dns.rb  | 2 +-
8ca061 
 2 files changed, 2 insertions(+), 2 deletions(-)
8ca061
8ca061 
diff --git a/test/resolv/test_addr.rb b/test/resolv/test_addr.rb
8ca061 
index 78a28c9633..14ec2651ab 100644
8ca061 
--- a/test/resolv/test_addr.rb
8ca061 
+++ b/test/resolv/test_addr.rb
8ca061 
@@ -31,7 +31,7 @@ def test_hosts_by_command
8ca061 
     Dir.mktmpdir do |dir|
8ca061 
       Dir.chdir(dir) do
8ca061 
         hosts = Resolv::Hosts.new("|echo error")
8ca061 
-        assert_raise(Errno::ENOENT) do
8ca061 
+        assert_raise(Errno::ENOENT, Errno::EINVAL) do
8ca061 
           hosts.each_name("") {}
8ca061 
         end
8ca061 
       end
8ca061 
diff --git a/test/resolv/test_dns.rb b/test/resolv/test_dns.rb
8ca061 
index 8236078374..1b44f32807 100644
8ca061 
--- a/test/resolv/test_dns.rb
8ca061 
+++ b/test/resolv/test_dns.rb
8ca061 
@@ -179,7 +179,7 @@ def test_invalid_byte_comment
8ca061 
   def test_resolv_conf_by_command
8ca061 
     Dir.mktmpdir do |dir|
8ca061 
       Dir.chdir(dir) do
8ca061 
-        assert_raise(Errno::ENOENT) do
8ca061 
+        assert_raise(Errno::ENOENT, Errno::EINVAL) do
8ca061 
           Resolv::DNS::Config.parse_resolv_conf("|echo foo")
8ca061 
         end
8ca061 
       end
8ca061 
--
8ca061 
2.15.1
8ca061

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation