packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!7 Fix CVE-2020-10933

Browse Source 
Merge pull request !7 from huanghaitao/master
This commit is contained in:
openeuler-ci-bot 2020-05-07 11:17:21 +08:00 committed by Gitee
commit 85ed5a2b47
2 changed files with 96 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
CVE-2020-10933.patch Normal file
View File

@ -0,0 +1,88 @@
From 61b7f86248bd121be2e83768be71ef289e8e5b90 Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Tue, 31 Mar 2020 20:18:21 +0900
Subject: [PATCH] ext/socket/init.c: do not return uninitialized buffer
Resize string buffer only if some data is received in
BasicSocket#read_nonblock and some methods.
Co-Authored-By: Samuel Williams <samuel.williams@oriontransfer.co.nz>
---
ext/socket/init.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/ext/socket/init.c b/ext/socket/init.c
index 0675194d7442..6d17ecfb4e2f 100644
--- a/ext/socket/init.c
+++ b/ext/socket/init.c
@@ -121,6 +121,7 @@ rsock_send_blocking(void *data)
struct recvfrom_arg {
int fd, flags;
VALUE str;
+ size_t length;
socklen_t alen;
union_sockaddr buf;
};
@@ -131,10 +132,11 @@ recvfrom_blocking(void *data)
struct recvfrom_arg *arg = data;
socklen_t len0 = arg->alen;
ssize_t ret;
- ret = recvfrom(arg->fd, RSTRING_PTR(arg->str), RSTRING_LEN(arg->str),
+ ret = recvfrom(arg->fd, RSTRING_PTR(arg->str), arg->length,
arg->flags, &arg->buf.addr, &arg->alen);
if (ret != -1 && len0 < arg->alen)
arg->alen = len0;
+
return (VALUE)ret;
}
@@ -152,7 +154,6 @@ rsock_strbuf(VALUE str, long buflen)
} else {
rb_str_modify_expand(str, buflen - len);
}
- rb_str_set_len(str, buflen);
return str;
}
@@ -188,6 +189,7 @@ rsock_s_recvfrom(VALUE sock, int argc, VALUE *argv, enum sock_recv_type from)
arg.fd = fptr->fd;
arg.alen = (socklen_t)sizeof(arg.buf);
arg.str = str;
+ arg.length = buflen;
while (rb_io_check_closed(fptr),
rsock_maybe_wait_fd(arg.fd),
@@ -198,9 +200,8 @@ rsock_s_recvfrom(VALUE sock, int argc, VALUE *argv, enum sock_recv_type from)
}
}
- if (slen != RSTRING_LEN(str)) {
- rb_str_set_len(str, slen);
- }
+ /* Resize the string to the amount of data received */
+ rb_str_set_len(str, slen);
rb_obj_taint(str);
switch (from) {
case RECV_RECV:
@@ -330,6 +331,7 @@ rsock_read_nonblock(VALUE sock, VALUE length, VALUE buf, VALUE ex)
GetOpenFile(sock, fptr);
if (len == 0) {
+ rb_str_set_len(str, 0);
return str;
}
@@ -347,12 +349,9 @@ rsock_read_nonblock(VALUE sock, VALUE length, VALUE buf, VALUE ex)
rb_syserr_fail_path(e, fptr->pathv);
}
}
- if (len != n) {
+ if (n != RSTRING_LEN(str)) {
rb_str_modify(str);
rb_str_set_len(str, n);
- if (str != buf) {
- rb_str_resize(str, n);
- }
}
if (n == 0) {
if (ex == Qfalse) return Qnil;

10
ruby.spec
View File

@ -1,6 +1,6 @@
Name: ruby
Version: 2.5.1
Release: 104
Release: 105
Summary: Object-oriented scripting language interpreter
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
URL: http://ruby-lang.org/
@ -50,7 +50,7 @@ Patch6007: CVE-2019-16255.patch
Patch6008: CVE-2019-19204.patch
Patch6009: CVE-2019-19246.patch
Patch6010: CVE-2019-16163.patch
Patch6011: CVE-2020-10933.patch
Provides: %{name}-libs = %{version}-%{release}
Obsoletes: %{name}-libs < %{version}-%{release}
@ -588,6 +588,12 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
%changelog
* Thu May 07 2020 huanghaitao <huanghaitao@huawei.com> - 2.5.1-105
- Type:cves
- ID:CVE-2020-10933
- SUG:restart
- DESC:fix CVE-2020-10933
* Mon Feb 03 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.5.1-104
- Type:cves
- ID:CVE-2019-16163 CVE-2019-19204 CVE-2019-16255 CVE-2019-19246