diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-11-26 07:30:37 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-11-26 07:30:37 +0000 |
commit | 079009fb93678e902777669c663ed6f651a05c85 (patch) | |
tree | 7f2d849ba6f739d3022f1353d411a7935362c683 | |
parent | adcd0174b97e09f3f1f1651f9d2399167ac313ee (diff) | |
download | ruby-079009fb93678e902777669c663ed6f651a05c85.tar.gz |
file.c: fix buffer overflow
* file.c (rb_readlink): fix buffer overflow on a long symlink. since
rb_str_modify_expand() expands from its length but not its capacity,
need to set the length properly for each expansion.
[ruby-core:58592] [Bug #9157]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43853 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | file.c | 1 | ||||
-rw-r--r-- | test/ruby/test_file_exhaustive.rb | 18 |
3 files changed, 26 insertions, 0 deletions
@@ -1,3 +1,10 @@ +Tue Nov 26 16:30:31 2013 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * file.c (rb_readlink): fix buffer overflow on a long symlink. since + rb_str_modify_expand() expands from its length but not its capacity, + need to set the length properly for each expansion. + [ruby-core:58592] [Bug #9157] + Tue Nov 26 14:23:17 2013 Aman Gupta <ruby@tmm1.net> * ext/objspace/objspace_dump.c (dump_append_string_value): Escape @@ -2618,6 +2618,7 @@ rb_readlink(VALUE path) ) { rb_str_modify_expand(v, size); size *= 2; + rb_str_set_len(v, size); } if (rv < 0) { rb_str_resize(v, 0); diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index 069e5592ca..ec4ff1c15c 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb @@ -391,6 +391,24 @@ class TestFileExhaustive < Test::Unit::TestCase rescue NotImplementedError end + def test_readlink_long_path + return unless @symlinkfile + bug9157 = '[ruby-core:58592] [Bug #9157]' + assert_separately(["-", @symlinkfile, bug9157], <<-"end;") + symlinkfile, bug9157 = *ARGV + 100.step(1000, 100) do |n| + File.unlink(symlinkfile) + link = "foo"*n + begin + File.symlink(link, symlinkfile) + rescue Errno::ENAMETOOLONG + break + end + assert_equal(link, File.readlink(symlinkfile), bug9157) + end + end; + end + def test_unlink assert_equal(1, File.unlink(@file)) make_file("foo", @file) |