ruby/backport-CVE-2019-16162.patch

From d4cf99d30bd5f6a8a4ababd0b9d7b06f3a479a24 Mon Sep 17 00:00:00 2001
From: "K.Takata" <kentkt@csc.jp>
Date: Thu, 1 Aug 2019 21:27:51 +0900
Subject: [PATCH] Fix out-of-bounds read in parse_char_class() (Close #139)
 
/[\x{111111}]/ causes out-of-bounds read when encoding is a single byte
encoding. \x{111111} is an invalid codepoint for a single byte encoding.
Check if it is a valid codepoint.
---
 regenc.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
 
diff -Naur a/regenc.c b/regenc.c
--- a/regenc.c  2020-10-20 14:19:32.284000000 +0800
+++ b/regenc.c  2020-10-20 14:22:55.412000000 +0800
@@ -625,18 +625,23 @@
 }
 
 extern int
-onigenc_single_byte_code_to_mbclen(OnigCodePoint code ARG_UNUSED, OnigEncoding enc ARG_UNUSED)
+onigenc_single_byte_code_to_mbclen(OnigCodePoint code, OnigEncoding enc ARG_UNUSED)
 {
+  if (code > 0xff)
+    return ONIGERR_INVALID_CODE_POINT_VALUE;
   return 1;
 }
 
 extern int
 onigenc_single_byte_code_to_mbc(OnigCodePoint code, UChar *buf, OnigEncoding enc ARG_UNUSED)
 {
+  if (code > 0xff) {
 #ifdef RUBY
-  if (code > 0xff)
     rb_raise(rb_eRangeError, "%u out of char range", code);
+#else
+    return ONIGERR_INVALID_CODE_POINT_VALUE;
 #endif
+    }
   *buf = (UChar )(code & 0xff);
   return 1;
 }
fix CVE-2019-19204 CVE-2019-19246 CVE-2019-16161 CVE-2019-16162 CVE-2019-16163 2022-07-01 15:05:44 +08:00			`From d4cf99d30bd5f6a8a4ababd0b9d7b06f3a479a24 Mon Sep 17 00:00:00 2001`
			`From: "K.Takata" <kentkt@csc.jp>`
			`Date: Thu, 1 Aug 2019 21:27:51 +0900`
			`Subject: [PATCH] Fix out-of-bounds read in parse_char_class() (Close #139)`

			`/[\x{111111}]/ causes out-of-bounds read when encoding is a single byte`
			`encoding. \x{111111} is an invalid codepoint for a single byte encoding.`
			`Check if it is a valid codepoint.`
			`---`
			`regenc.c \| 9 +++++++--`
			`1 file changed, 7 insertions(+), 2 deletions(-)`

			`diff -Naur a/regenc.c b/regenc.c`
			`--- a/regenc.c 2020-10-20 14:19:32.284000000 +0800`
			`+++ b/regenc.c 2020-10-20 14:22:55.412000000 +0800`
			`@@ -625,18 +625,23 @@`
			`}`

			`extern int`
			`-onigenc_single_byte_code_to_mbclen(OnigCodePoint code ARG_UNUSED, OnigEncoding enc ARG_UNUSED)`
			`+onigenc_single_byte_code_to_mbclen(OnigCodePoint code, OnigEncoding enc ARG_UNUSED)`
			`{`
			`+ if (code > 0xff)`
			`+ return ONIGERR_INVALID_CODE_POINT_VALUE;`
			`return 1;`
			`}`

			`extern int`
			`onigenc_single_byte_code_to_mbc(OnigCodePoint code, UChar *buf, OnigEncoding enc ARG_UNUSED)`
			`{`
			`+ if (code > 0xff) {`
			`#ifdef RUBY`
			`- if (code > 0xff)`
			`rb_raise(rb_eRangeError, "%u out of char range", code);`
			`+#else`
			`+ return ONIGERR_INVALID_CODE_POINT_VALUE;`
			`#endif`
			`+ }`
			`*buf = (UChar )(code & 0xff);`
			`return 1;`
			`}`