fix CVE-2019-16163 CVE-2019-16255 CVE-2019-19204 CVE-2019-19246
This commit is contained in:
zhangtao2020
parent
70a537d312
commit
707d60acc1
56
CVE-2019-16163.patch
Normal file
56
CVE-2019-16163.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From 4097828d7cc87589864fecf452f2cd46c5f37180 Mon Sep 17 00:00:00 2001
|
||||
From: "K.Kosako" <kosako@sofnec.co.jp>
|
||||
Date: Mon, 29 Jul 2019 12:52:56 +0900
|
||||
Subject: [PATCH] fix #147: Stack Exhaustion Problem caused by some parsing
|
||||
functions in regcomp.c making recursive calls to themselves.
|
||||
|
||||
---
|
||||
regparse.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/regparse.c b/regparse.c
|
||||
index f7177db..c07fccd 100644
|
||||
--- a/regparse.c
|
||||
+++ b/regparse.c
|
||||
@@ -4568,6 +4568,7 @@ parse_char_class(Node** np, Node** asc_np, OnigToken* tok, UChar** src, UChar* e
|
||||
env->parse_depth++;
|
||||
if (env->parse_depth > ParseDepthLimit)
|
||||
return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
|
||||
+
|
||||
prev_cc = asc_prev_cc = (CClassNode* )NULL;
|
||||
r = fetch_token_in_cc(tok, src, end, env);
|
||||
if (r == TK_CHAR && tok->u.c == '^' && tok->escaped == 0) {
|
||||
@@ -6514,14 +6515,18 @@ static int
|
||||
parse_exp(Node** np, OnigToken* tok, int term,
|
||||
UChar** src, UChar* end, ScanEnv* env)
|
||||
{
|
||||
- int r, len, group = 0;
|
||||
+ int r, len, group;
|
||||
Node* qn;
|
||||
Node** targetp;
|
||||
+ unsigned int parse_depth;
|
||||
|
||||
+ group = 0;
|
||||
*np = NULL;
|
||||
if (tok->type == (enum TokenSyms )term)
|
||||
goto end_of_token;
|
||||
|
||||
+ parse_depth = env->parse_depth;
|
||||
+
|
||||
switch (tok->type) {
|
||||
case TK_ALT:
|
||||
case TK_EOT:
|
||||
@@ -6832,6 +6837,10 @@ parse_exp(Node** np, OnigToken* tok, int term,
|
||||
if (is_invalid_quantifier_target(*targetp))
|
||||
return ONIGERR_TARGET_OF_REPEAT_OPERATOR_INVALID;
|
||||
|
||||
+ parse_depth++;
|
||||
+ if (parse_depth > ParseDepthLimit)
|
||||
+ return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
|
||||
+
|
||||
qn = node_new_quantifier(tok->u.repeat.lower, tok->u.repeat.upper,
|
||||
(r == TK_INTERVAL ? 1 : 0));
|
||||
CHECK_NULL_RETURN_MEMERR(qn);
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
60
CVE-2019-16255.patch
Normal file
60
CVE-2019-16255.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From 3af01ae1101e0b8815ae5a106be64b0e82a58640 Mon Sep 17 00:00:00 2001
|
||||
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
|
||||
Date: Tue, 1 Oct 2019 11:01:53 +0000
|
||||
Subject: [PATCH] lib/shell/command-processor.rb (Shell#[]): prevent unknown
|
||||
command
|
||||
|
||||
`FileTest.send(command, ...)` allows to call not only FileTest-related
|
||||
methods but also any method that belongs to Kernel, Object, etc.
|
||||
patched by <mame@ruby-lang.org>
|
||||
|
||||
|
||||
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67814 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
||||
---
|
||||
lib/shell/command-processor.rb | 3 +++
|
||||
test/shell/test_command_processor.rb | 18 ++++++++++++++++++
|
||||
2 files changed, 21 insertions(+)
|
||||
|
||||
diff --git a/lib/shell/command-processor.rb b/lib/shell/command-processor.rb
|
||||
index b52cb0043f75..08ea5c874c12 100644
|
||||
--- a/lib/shell/command-processor.rb
|
||||
+++ b/lib/shell/command-processor.rb
|
||||
@@ -180,6 +180,9 @@ def test(command, file1, file2=nil)
|
||||
top_level_test(command, file1)
|
||||
end
|
||||
else
|
||||
+ unless FileTest.methods(false).include?(command.to_sym)
|
||||
+ raise "unsupported command: #{ command }"
|
||||
+ end
|
||||
if file2
|
||||
FileTest.send(command, file1, file2)
|
||||
else
|
||||
diff --git a/test/shell/test_command_processor.rb b/test/shell/test_command_processor.rb
|
||||
index 06b5ecc1d9b4..51e14b5a6954 100644
|
||||
--- a/test/shell/test_command_processor.rb
|
||||
+++ b/test/shell/test_command_processor.rb
|
||||
@@ -67,6 +67,24 @@ def test_system_directory
|
||||
Dir.rmdir(path)
|
||||
end
|
||||
|
||||
+ def test_test
|
||||
+ name = "foo#{exeext}"
|
||||
+ path = File.join(@tmpdir, name)
|
||||
+ open(path, "w", 0644) {}
|
||||
+
|
||||
+ assert_equal(true, @shell[?e, path])
|
||||
+ assert_equal(true, @shell[:e, path])
|
||||
+ assert_equal(true, @shell["e", path])
|
||||
+ assert_equal(true, @shell[:exist?, path])
|
||||
+ assert_equal(true, @shell["exist?", path])
|
||||
+ assert_raise_with_message(RuntimeError, /unsupported command/) do
|
||||
+ assert_equal(true, @shell[:instance_eval, path])
|
||||
+ end
|
||||
+ ensure
|
||||
+ Process.waitall
|
||||
+ File.unlink(path)
|
||||
+ end
|
||||
+
|
||||
def test_option_type
|
||||
name = 'foo.cmd'
|
||||
path = File.join(@tmpdir, name)
|
||||
23
CVE-2019-19204.patch
Normal file
23
CVE-2019-19204.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From 6eb4aca6a7f2f60f473580576d86686ed6a6ebec Mon Sep 17 00:00:00 2001
|
||||
From: "K.Kosako" <kosako@sofnec.co.jp>
|
||||
Date: Wed, 6 Nov 2019 17:32:29 +0900
|
||||
Subject: [PATCH] fix #162: heap-buffer-overflow in fetch_interval_quantifier
|
||||
due to double PFETCH
|
||||
|
||||
---
|
||||
regparse.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/regparse.c b/regparse.c
|
||||
index 324c414..70c36d5 100644
|
||||
--- a/regparse.c
|
||||
+++ b/regparse.c
|
||||
@@ -4178,7 +4178,7 @@ fetch_interval_quantifier(UChar** src, UChar* end, PToken* tok, ScanEnv* env)
|
||||
if (PEND) goto invalid;
|
||||
PFETCH(c);
|
||||
if (IS_SYNTAX_OP(env->syntax, ONIG_SYN_OP_ESC_BRACE_INTERVAL)) {
|
||||
- if (c != MC_ESC(env->syntax)) goto invalid;
|
||||
+ if (c != MC_ESC(env->syntax) || PEND) goto invalid;
|
||||
if (PEND) goto invalid;
|
||||
PFETCH(c);
|
||||
}
|
||||
24
CVE-2019-19246.patch
Normal file
24
CVE-2019-19246.patch
Normal file
@ -0,0 +1,24 @@
|
||||
From d3e402928b6eb3327f8f7d59a9edfa622fec557b Mon Sep 17 00:00:00 2001
|
||||
From: "K.Kosako" <kosako@sofnec.co.jp>
|
||||
Date: Tue, 13 Aug 2019 13:37:30 +0900
|
||||
Subject: [PATCH] fix heap-buffer-overflow
|
||||
|
||||
---
|
||||
regexec.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/regexec.c b/regexec.c
|
||||
index 4582c35..8a17ee7 100644
|
||||
--- a/regexec.c
|
||||
+++ b/regexec.c
|
||||
@@ -3255,6 +3255,7 @@ str_lower_case_match(OnigEncoding enc, int case_fold_flag,
|
||||
lowlen = ONIGENC_MBC_CASE_FOLD(enc, case_fold_flag, &p, end, lowbuf);
|
||||
q = lowbuf;
|
||||
while (lowlen > 0) {
|
||||
+ if (t >= tend) return 0;
|
||||
if (*t++ != *q++) return 0;
|
||||
lowlen--;
|
||||
}
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
13
ruby.spec
13
ruby.spec
@ -1,6 +1,6 @@
|
||||
Name: ruby
|
||||
Version: 2.5.1
|
||||
Release: 103
|
||||
Release: 104
|
||||
Summary: Object-oriented scripting language interpreter
|
||||
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
|
||||
URL: http://ruby-lang.org/
|
||||
@ -46,6 +46,11 @@ Patch6003: CVE-2019-8322-8323-8324-8325.patch
|
||||
Patch6004: CVE-2019-15845.patch
|
||||
Patch6005: CVE-2019-16201.patch
|
||||
Patch6006: CVE-2019-16254.patch
|
||||
Patch6007: CVE-2019-16255.patch
|
||||
Patch6008: CVE-2019-19204.patch
|
||||
Patch6009: CVE-2019-19246.patch
|
||||
Patch6010: CVE-2019-16163.patch
|
||||
|
||||
|
||||
Provides: %{name}-libs = %{version}-%{release}
|
||||
Obsoletes: %{name}-libs < %{version}-%{release}
|
||||
@ -583,6 +588,12 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
|
||||
%exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
|
||||
|
||||
%changelog
|
||||
* Mon Feb 03 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.5.1-104
|
||||
- Type:cves
|
||||
- ID:CVE-2019-16163 CVE-2019-19204 CVE-2019-16255 CVE-2019-19246
|
||||
- SUG:N/A
|
||||
- DESC:fix CVE-2019-16163CVE-2019-19204CVE-2019-16255CVE-2019-19246
|
||||
|
||||
* Mon Feb 03 2020 Yiru Wang <wangyiru1@huawei.com> - 2.5.1-103
|
||||
- Type:cves
|
||||
- ID:CVE-2019-16254
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user