File CVE-2022-44566.patch of Package rubygem-activerecord-5_1

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-44566.patch of Package rubygem-activerecord-5_1

--- activerecord.orig/lib/active_record/connection_adapters/postgresql/quoting.rb	2023-01-26 19:45:42.324107900 +0100
+++ activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb	2023-01-26 19:47:50.118624174 +0100
@@ -2,6 +2,12 @@ module ActiveRecord
   module ConnectionAdapters
     module PostgreSQL
       module Quoting
+        class IntegerOutOf64BitRange < StandardError
+          def initialize(msg)
+            super(msg)
+          end
+        end
+
         # Escapes binary strings for bytea input to the database.
         def escape_bytea(value)
           @connection.escape_bytea(value) if value
@@ -81,7 +87,27 @@ module ActiveRecord
             super(query_value("SELECT #{quote(sql_type)}::regtype::oid", "SCHEMA").to_i)
           end
 
+          def check_int_in_range(value)
+            if value.to_int > 9223372036854775807 || value.to_int < -9223372036854775808
+              exception = <<~ERROR
+                Provided value outside of the range of a signed 64bit integer.
+
+                PostgreSQL will treat the column type in question as a numeric.
+                This may result in a slow sequential scan due to a comparison
+                being performed between an integer or bigint value and a numeric value.
+
+                To allow for this potentially unwanted behavior, set
+                ActiveRecord::Base.raise_int_wider_than_64bit to false.
+              ERROR
+              raise IntegerOutOf64BitRange.new exception
+            end
+          end
+
           def _quote(value)
+            if ActiveRecord::Base.raise_int_wider_than_64bit && value.is_a?(Integer)
+              check_int_in_range(value)
+            end
+
             case value
             when OID::Xml::Data
               "xml '#{quote_string(value.to_s)}'"
--- activerecord.orig/lib/active_record/core.rb	2023-01-26 19:45:42.324107900 +0100
+++ activerecord/lib/active_record/core.rb	2023-01-26 19:49:57.193114286 +0100
@@ -132,6 +132,14 @@ module ActiveRecord
       mattr_accessor :warn_on_records_fetched_greater_than, instance_writer: false
       self.warn_on_records_fetched_greater_than = nil
 
+      ##
+      # :singleton-method:
+      # Application configurable boolean that denotes whether or not to raise
+      # an exception when the PostgreSQLAdapter is provided with an integer that is
+      # wider than signed 64bit representation
+      mattr_accessor :raise_int_wider_than_64bit, instance_writer: false
+      self.raise_int_wider_than_64bit = true
+
       mattr_accessor :maintain_test_schema, instance_accessor: false
 
       mattr_accessor :belongs_to_required_by_default, instance_accessor: false

Places

File CVE-2022-44566.patch of Package rubygem-activerecord-5_1

Places