From 7fb67f8be47706af6380cd251a2666d6969aa6f1 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 28 Mar 2018 14:36:23 +0000
Subject: [PATCH] merge revision(s) 62991,63000:

	unixsocket.c: check NUL bytes

	* ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes.
	  https://hackerone.com/reports/302997

	unixsocket.c: abstract namespace

	* ext/socket/unixsocket.c (unixsock_path_value): fix r62991 for
	  Linux abstract namespace.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63018 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/socket/unixsocket.c  | 24 +++++++++++++++++++++++-
 test/socket/test_unix.rb | 10 ++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/ext/socket/unixsocket.c b/ext/socket/unixsocket.c
index 75da9c1a78..6d68138af4 100644
--- a/ext/socket/unixsocket.c
+++ b/ext/socket/unixsocket.c
@@ -25,6 +25,28 @@ unixsock_connect_internal(VALUE a)
 			        arg->sockaddrlen, 0);
 }
 
+static VALUE
+unixsock_path_value(VALUE path)
+{
+#ifdef __linux__
+#define TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE 0
+
+    VALUE name = path;
+#if TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE
+    const int isstr = !NIL_P(name = rb_check_string_type(name));
+#else
+    const int isstr = RB_TYPE_P(name, T_STRING);
+#endif
+    if (isstr) {
+        if (RSTRING_LEN(name) == 0 || RSTRING_PTR(name)[0] == '\0') {
+            rb_check_safe_obj(name);
+            return name;             /* ignore encoding */
+        }
+    }
+#endif
+    return rb_get_path(path);
+}
+
 VALUE
 rsock_init_unixsock(VALUE sock, VALUE path, int server)
 {
@@ -33,7 +55,7 @@ rsock_init_unixsock(VALUE sock, VALUE path, int server)
     int fd, status;
     rb_io_t *fptr;
 
-    SafeStringValue(path);
+    path = unixsock_path_value(path);
     fd = rsock_socket(AF_UNIX, SOCK_STREAM, 0);
     if (fd < 0) {
 	rb_sys_fail("socket(2)");
diff --git a/test/socket/test_unix.rb b/test/socket/test_unix.rb
index eae236a60b..aef23141b8 100644
--- a/test/socket/test_unix.rb
+++ b/test/socket/test_unix.rb
@@ -253,6 +253,16 @@ class TestSocket_UNIXSocket < Test::Unit::TestCase
     File.unlink path if path && File.socket?(path)
   end
 
+  def test_open_nul_byte
+    tmpfile = Tempfile.new("s")
+    path = tmpfile.path
+    tmpfile.close(true)
+    assert_raise(ArgumentError) {UNIXServer.open(path+"\0")}
+    assert_raise(ArgumentError) {UNIXSocket.open(path+"\0")}
+  ensure
+    File.unlink path if path && File.socket?(path)
+  end
+
   def test_addr
     bound_unix_socket(UNIXServer) {|serv, path|
       c = UNIXSocket.new(path)
-- 
2.17.1