File 004_CVE-2022-29181.patch of Package rubygem-nokogiri.36403
commit 83cc451c3f29df397caa890afc3b714eae6ab8f7
Author: Mike Dalessio <mike.dalessio@gmail.com>
Date: Fri May 6 21:57:41 2022 -0400
fix: {HTML4,XML}::SAX::{Parser,ParserContext} check arg types
Previously, arguments of the wrong type might cause a segfault on CRuby.
--- a/ext/nokogiri/html_sax_parser_context.c 2022-10-27 13:54:37.249029870 +0200
+++ b/ext/nokogiri/html_sax_parser_context.c 2022-10-27 14:12:29.654049001 +0200
@@ -18,8 +18,8 @@
{
htmlParserCtxtPtr ctxt;
- if (NIL_P(data))
- rb_raise(rb_eArgError, "data cannot be nil");
+ Check_Type(data, T_STRING);
+
if (!(int)RSTRING_LEN(data))
rb_raise(rb_eRuntimeError, "data cannot be empty");
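Review bot: The `(int)` cast in `if (!(int)RSTRING_LEN(data))` narrows a `long` length right after the new `Check_Type`, so a String longer than `INT_MAX` can be misreported as empty or accepted with a length that no longer fits an `int`. Compare at full width with `if (RSTRING_LEN(data) == 0)`, and reject oversized input before it is handed on, e.g. `if (RSTRING_LEN(data) > INT_MAX) rb_raise(rb_eArgError, "data too large");`. The same two lines appear in the parse_memory hunk of ext/nokogiri/xml_sax_parser_context.c. The function starts and ends outside this hunk, so how the length is used afterwards is not visible here.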
--- a/lib/nokogiri/html/sax/parser.rb 2022-10-27 13:54:37.257029908 +0200
+++ b/lib/nokogiri/html/sax/parser.rb 2022-10-27 14:29:09.358588792 +0200
@@ -29,7 +29,7 @@
###
# Parse html stored in +data+ using +encoding+
def parse_memory data, encoding = 'UTF-8'
- raise ArgumentError unless data
+ raise TypeError unless String === data
return unless data.length > 0
ctx = ParserContext.memory(data, encoding)
yield ctx if block_given?
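Review bot: `raise TypeError unless String === data` raises without a message, and the doc comment above `parse_memory` does not mention the new exception. A nil argument used to raise ArgumentError, so callers that rescue that class will now see a different error. I would write `raise TypeError, "data must be a String, got #{data.class}" unless String === data` and add `# Raises TypeError if +data+ is not a String.` to the comment block. The method body continues past the end of this hunk.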
--- a/ext/nokogiri/xml_sax_parser_context.c 2022-10-27 14:35:07.272158404 +0200
+++ b/ext/nokogiri/xml_sax_parser_context.c 2022-10-27 14:24:20.141278661 +0200
@@ -2,6 +2,8 @@
VALUE cNokogiriXmlSaxParserContext ;
+static ID id_read;
+
static void deallocate(xmlParserCtxtPtr ctxt)
{
NOKOGIRI_DEBUG_START(handler);
@@ -25,6 +27,10 @@
xmlParserCtxtPtr ctxt;
xmlCharEncoding enc = (xmlCharEncoding)NUM2INT(encoding);
+ if (!rb_respond_to(io, id_read)) {
+ rb_raise(rb_eTypeError, "argument expected to respond to :read");
+ }
+
ctxt = xmlCreateIOParserCtxt(NULL, NULL,
(xmlInputReadCallback)io_read_callback,
(xmlInputCloseCallback)io_close_callback,
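Review bot: The `rb_respond_to(io, id_read)` guard proves only that `io` has a `read` method, not that the method returns a String. `io_read_callback` is not shown in this hunk; if it reads the result through `RSTRING_PTR`/`RSTRING_LEN` without a type check, a non-String return would presumably reach the same class of crash this commit closes. It is worth confirming that the callback tests the value after its nil check, for instance `if (!RB_TYPE_P(string, T_STRING)) return -1;` (the variable name `string` is a placeholder). The guard also depends on `id_read` having been set in the init function at the end of the file, which merits a one-line comment next to the `static ID id_read;` declaration.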
@@ -60,8 +66,8 @@
{
xmlParserCtxtPtr ctxt;
- if (NIL_P(data))
- rb_raise(rb_eArgError, "data cannot be nil");
+ Check_Type(data, T_STRING);
+
if (!(int)RSTRING_LEN(data))
rb_raise(rb_eRuntimeError, "data cannot be empty");
@@ -259,4 +265,6 @@
rb_define_method(klass, "recovery", get_recovery, 0);
rb_define_method(klass, "line", line, 0);
rb_define_method(klass, "column", column, 0);
+
+ id_read = rb_intern("read");
}