OBS:Server:2.4
File CVE-2013-2065.patch of Package ruby19
From ca7c298dd6fe7731e324f779585236655cc4fc5e Mon Sep 17 00:00:00 2001 From: Aaron Patterson <aaron.patterson@gmail.com> Date: Fri, 10 May 2013 16:25:08 -0700 Subject: [PATCH] [CVE-2013-2065] check object tainting before calling the foreign function --- ext/dl/lib/dl/func.rb | 3 +++ ext/fiddle/function.c | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/ext/dl/lib/dl/func.rb b/ext/dl/lib/dl/func.rb index 7b9b54f..9a984ed 100644 --- a/ext/dl/lib/dl/func.rb +++ b/ext/dl/lib/dl/func.rb @@ -92,6 +92,9 @@ module DL super else funcs = [] + if $SAFE >= 1 && args.any? { |x| x.tainted? } + raise SecurityError, "tainted parameter not allowed" + end _args = wrap_args(args, @stack.types, funcs, &block) r = @cfunc.call(@stack.pack(_args)) funcs.each{|f| f.unbind_at_call()} diff --git a/ext/fiddle/function.c b/ext/fiddle/function.c index ada37a4..52f7695 100644 --- a/ext/fiddle/function.c +++ b/ext/fiddle/function.c @@ -101,6 +101,15 @@ function_call(int argc, VALUE argv[], VALUE self) TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif); + if (rb_safe_level() >= 1) { + for (i = 0; i < argc; i++) { + VALUE src = argv[i]; + if (OBJ_TAINTED(src)) { + rb_raise(rb_eSecurityError, "tainted parameter not allowed"); + } + } + } + values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *)); generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic)); -- 1.8.1.1
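Review bot: in the ext/dl/lib/dl/func.rb hunk the new guard `if $SAFE >= 1 && args.any? { |x| x.tainted? }` is placed only inside the `else` branch, after the `super` call in the preceding branch, so any call that takes the `super` path gets no Ruby-level check from this hunk and is protected only if `super` ends up in the Fiddle function_call guarded by the other hunk; please confirm that holds for every configuration this package is built in, or move the guard above the branch so both paths are covered. The check also only inspects the argument objects themselves (`x.tainted?` on each element of `args`), not memory that a pointer argument refers to, so the commit message or a comment next to the raise should state that only directly tainted parameters are rejected.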
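Review bot: the loop added to function_call in ext/fiddle/function.c uses `i` without declaring it in the added lines, so it relies on an `i` already declared earlier in the function; the hunk context does not show that declaration, so it is worth a glance. Running the `rb_safe_level() >= 1` / `OBJ_TAINTED(src)` loop before the two `xcalloc` calls is the right order, since `rb_raise` does not return and a check after allocation would leak `values` and `generic_args`. As on the Ruby side, `OBJ_TAINTED` tests only the flag on each `argv[i]` itself, so a pointer to tainted data passes; a regression test that a tainted argument raises SecurityError at safe level 1 and an untainted one still calls through would pin down the intended scope.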