File CVE-2020-8165.patch of Package rubygem-activesupport-4_2.27570

From 1de629cd6e932e517abb9bb024dff41b2e16738c Mon Sep 17 00:00:00 2001
From: Dylan Thacker-Smith <Dylan.Smith@shopify.com>
Date: Sat, 22 Sep 2018 17:57:58 -0400
Subject: [PATCH] activesupport: Avoid Marshal.load on raw cache value in
 MemCacheStore and RedisCacheStore

Dalli is already being used for marshalling, so we should also rely
on it for unmarshalling. Since Dalli tags the cache value as marshalled
it can avoid unmarshalling a raw string which might have come from
an untrusted source.

activesupport: Deprecate Marshal.load on raw cache read in RedisCacheStore

The same value for the `raw` option should be provided for both reading and
writing to avoid Marshal.load being called on untrusted data.

[CVE-2020-8165]

Note: this has been backported to 4.2 from the original patch.
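
The read-path difference this patch is about, as an added example that is not code from the Rails patch, from Dalli, or from the package: a toy cache backend whose `read_unsafe` mirrors the pre-patch `deserialize_entry` (call `Marshal.load` on every stored string and fall back to the string on error) beside a `read_tagged` that unmarshals only values the write path itself tagged as marshalled, which is the property the commit message relies on Dalli for. `FLAG_MARSHALLED`, `TaggedStore` and the `Entry` stand-in are assumptions made here for illustration, and the "smuggled" value is constructed inline with `Marshal.dump`.

```ruby
# Added example, not code from the Rails patch or from Dalli: a toy cache
# backend that contrasts the pre-patch read path (Marshal.load every stored
# string, fall back to the string on error) with a read path that unmarshals
# only values the writer tagged as marshalled, as Dalli does with its flags.
# FLAG_MARSHALLED, TaggedStore and the Entry stand-in are assumptions made
# here for illustration.

FLAG_MARSHALLED = 0x1 # assumed flag bit; only the write path may set it

# Minimal stand-in for ActiveSupport::Cache::Entry
Entry = Struct.new(:value)

class TaggedStore
  def initialize
    @data = {} # key => [flags, bytes]
  end

  # raw: true stores the caller's string verbatim and untagged, so a value
  # that came from user input never acquires the "marshalled" flag.
  def write(key, value, raw: false)
    if raw
      @data[key] = [0, value.to_s]
    else
      @data[key] = [FLAG_MARSHALLED, Marshal.dump(value)]
    end
    true
  end

  # Pre-patch behaviour: try Marshal.load on every stored string and fall back
  # to the string itself. Any raw string that is a valid Marshal stream gets
  # deserialised, no matter who wrote it or with which options.
  def read_unsafe(key)
    rec = @data[key]
    return nil unless rec
    _flags, bytes = rec
    entry = begin
      Marshal.load(bytes)
    rescue StandardError
      bytes
    end
    entry.is_a?(Entry) ? entry : Entry.new(entry)
  end

  # Post-patch behaviour: trust only the flag the write path set. Untagged
  # bytes are returned as a String and never reach Marshal.load.
  def read_tagged(key)
    rec = @data[key]
    return nil unless rec
    flags, bytes = rec
    value = (flags & FLAG_MARSHALLED).zero? ? bytes : Marshal.load(bytes)
    value.is_a?(Entry) ? value : Entry.new(value)
  end
end

# Usage: a string the app stored with raw: true on a user's behalf which
# happens to be a Marshal stream (constructed here with Marshal.dump).
if $PROGRAM_NAME == __FILE__
  store = TaggedStore.new
  smuggled = Marshal.dump({ "role" => "admin" })
  store.write("profile", smuggled, raw: true)
  p store.read_unsafe("profile").value.class # Hash: the raw string was deserialised
  p store.read_tagged("profile").value.class # String: untagged bytes stay bytes
end
```

The flag approach only works for a backend that stores metadata next to the value, which is why the commit message treats the Redis store differently: there, nothing marks a value as marshalled, so the only protection is passing the same `raw` option on the read as on the write.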

---
 .../active_support/cache/mem_cache_store.rb   | 14 ++--------
 .../active_support/cache/redis_cache_store.rb | 27 +++++++++++--------
 .../cache_increment_decrement_behavior.rb     | 12 ++++-----
 .../cache/behaviors/cache_store_behavior.rb   |  6 ++---
 .../behaviors/encoded_key_cache_behavior.rb   |  8 +++---
 .../cache/behaviors/local_cache_behavior.rb   | 10 +++----
 .../test/cache/stores/mem_cache_store_test.rb |  4 +--
 .../cache/stores/redis_cache_store_test.rb    |  3 ++-
 8 files changed, 40 insertions(+), 44 deletions(-)

diff --git a/lib/active_support/cache/mem_cache_store.rb b/lib/active_support/cache/mem_cache_store.rb
index f84c609033b3..dc062f8f87dc 100644
--- a/lib/active_support/cache/mem_cache_store.rb
+++ b/lib/active_support/cache/mem_cache_store.rb
@@ -6,7 +6,6 @@ rescue LoadError => e
 end
 
 require 'digest/md5'
-require 'active_support/core_ext/marshal'
 require 'active_support/core_ext/array/extract_options'
 
 module ActiveSupport
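Review bot: dropping `require 'active_support/core_ext/marshal'` is only safe if this file no longer calls `Marshal.load` anywhere; the only call visible in this patch is the one removed from `deserialize_entry` in the next hunk, so please grep the rest of mem_cache_store.rb for `Marshal` before merging, and check that no other file was relying on mem_cache_store.rb to pull in the core_ext.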
@@ -163,9 +162,8 @@ module ActiveSupport
           key
         end
 
-        def deserialize_entry(raw_value)
-          if raw_value
-            entry = Marshal.load(raw_value) rescue raw_value
+        def deserialize_entry(entry)
+          if entry
             entry.is_a?(Entry) ? entry : Entry.new(entry)
           else
             nil
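Review bot: `deserialize_entry` now wraps whatever Dalli hands back and the `rescue raw_value` fallback is gone, which is the right direction, but nothing in the method says that the value is expected to arrive already unmarshalled; add a one-line comment above `def deserialize_entry(entry)` such as `# Dalli has already unmarshalled tagged values; raw strings arrive untouched.` so a later change does not reintroduce a `Marshal.load` here. The behaviour change is also worth a CHANGELOG line: a raw string that happens to be a valid Marshal stream is now returned as a string instead of being deserialised.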
@@ -175,14 +173,6 @@ module ActiveSupport
       # Provide support for raw values in the local cache strategy.
       module LocalCacheWithRaw # :nodoc:
         protected
-          def read_entry(key, options)
-            entry = super
-            if options[:raw] && local_cache && entry
-               entry = deserialize_entry(entry.value)
-            end
-            entry
-          end
-
           def write_entry(key, entry, options) # :nodoc:
             retval = super
             if options[:raw] && local_cache && retval
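Review bot: with the `read_entry` override removed, a raw read that hits the local cache returns whatever `super` yields, so the `write_entry` override that follows (cut off here) must store the raw value in the local cache in the same shape the memcached read path now returns, i.e. wrapped in an `Entry` whose value is the raw string; otherwise a local-cache hit and a backend miss for the same `read(key, raw: true)` will return different objects. Please confirm against the local_cache_behavior tests listed in the diffstat.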