raddrinfo.c: fix for SHARABLE_MIDDLE_SUBSTRING

* ext/socket/raddrinfo.c (host_str, port_str): use RSTRING_LEN instead of strlen, since RSTRING_PTR StringValueCStr may not be NUL-terminated when SHARABLE_MIDDLE_SUBSTRING=1. reported by @tmtms, http://twitter.com/tmtms/status/736910516229005312 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-05-30 07:28:55 +0000
committer: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-05-30 07:28:55 +0000
commit: 157f4f8bd6be81a0131c372da0e7de31e9fe297d (patch)
tree: 68b97807dc9950dce7af0642722b1378559ba8ec
parent: 6d7e62a7238cfabc30f675002e14734be6c234a3 (diff)
download: ruby-157f4f8bd6be81a0131c372da0e7de31e9fe297d.tar.gz
3 files changed, 39 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index f0bfe7d829..c41bca63c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Mon May 30 16:28:53 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* ext/socket/raddrinfo.c (host_str, port_str): use RSTRING_LEN
+	  instead of strlen, since RSTRING_PTR StringValueCStr may not be
+	  NUL-terminated when SHARABLE_MIDDLE_SUBSTRING=1.  reported by
+	  @tmtms, http://twitter.com/tmtms/status/736910516229005312
+
 Mon May 30 16:20:26 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* string.c (str_fill_term): return new pointer reallocated by
diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c
index 92556fc9d2..f18e278323 100644
--- a/ext/socket/raddrinfo.c
+++ b/ext/socket/raddrinfo.c
@@ -426,6 +426,10 @@ str_is_number(const char *p)
        return 0;
 }
 
+#define str_equal(ptr, len, name) \
+    ((ptr)[0] == name[0] && \
+     rb_strlen_lit(name) == (len) && memcmp(ptr, name, len) == 0)
+
 static char*
 host_str(VALUE host, char *hbuf, size_t hbuflen, int *flags_ptr)
 {
@@ -440,24 +444,26 @@ host_str(VALUE host, char *hbuf, size_t hbuflen, int *flags_ptr)
         return hbuf;
     }
     else {
-        char *name;
+        const char *name;
+        size_t len;
 
         SafeStringValue(host);
-        name = RSTRING_PTR(host);
-        if (!name || *name == 0 || (name[0] == '<' && strcmp(name, "<any>") == 0)) {
+        RSTRING_GETMEM(host, name, len);
+        if (!len || str_equal(name, len, "<any>")) {
             make_inetaddr(INADDR_ANY, hbuf, hbuflen);
             if (flags_ptr) *flags_ptr |= AI_NUMERICHOST;
         }
-        else if (name[0] == '<' && strcmp(name, "<broadcast>") == 0) {
+        else if (str_equal(name, len, "<broadcast>")) {
             make_inetaddr(INADDR_BROADCAST, hbuf, hbuflen);
             if (flags_ptr) *flags_ptr |= AI_NUMERICHOST;
         }
-        else if (strlen(name) >= hbuflen) {
-            rb_raise(rb_eArgError, "hostname too long (%"PRIuSIZE")",
-                strlen(name));
+        else if (len >= hbuflen) {
+            rb_raise(rb_eArgError, "hostname too long (%ld)",
+                     len);
         }
         else {
-            strcpy(hbuf, name);
+            memcpy(hbuf, name, len);
+            hbuf[len] = '\0';
         }
         return hbuf;
     }
@@ -477,15 +483,17 @@ port_str(VALUE port, char *pbuf, size_t pbuflen, int *flags_ptr)
         return pbuf;
     }
     else {
-        char *serv;
+        const char *serv;
+        size_t len;
 
         SafeStringValue(port);
-        serv = RSTRING_PTR(port);
-        if (strlen(serv) >= pbuflen) {
-            rb_raise(rb_eArgError, "service name too long (%"PRIuSIZE")",
-                strlen(serv));
+        RSTRING_GETMEM(port, serv, len);
+        if (len >= pbuflen) {
+            rb_raise(rb_eArgError, "service name too long (%ld)",
+                     len);
         }
-        strcpy(pbuf, serv);
+        memcpy(pbuf, serv, len);
+        pbuf[len] = '\0';
         return pbuf;
     }
 }
diff --git a/test/socket/test_addrinfo.rb b/test/socket/test_addrinfo.rb
index 9908278bbd..9084a604ed 100644
--- a/test/socket/test_addrinfo.rb
+++ b/test/socket/test_addrinfo.rb
@@ -35,6 +35,11 @@ class TestSocketAddrinfo < Test::Unit::TestCase
 
     ai = Addrinfo.ip("<broadcast>")
     assert_equal([0, "255.255.255.255"], Socket.unpack_sockaddr_in(ai))
+
+    ai = assert_nothing_raised(SocketError) do
+      Addrinfo.ip("00000000127.000000000.00000000.0000001x".chop)
+    end
+    assert_equal([0, "127.0.0.1"], Socket.unpack_sockaddr_in(ai))
   end
 
   def test_addrinfo_tcp
@@ -44,6 +49,11 @@ class TestSocketAddrinfo < Test::Unit::TestCase
     assert_equal(Socket::PF_INET, ai.pfamily)
     assert_equal(Socket::SOCK_STREAM, ai.socktype)
     assert_include([0, Socket::IPPROTO_TCP], ai.protocol)
+
+    ai = assert_nothing_raised(SocketError) do
+      Addrinfo.tcp("127.0.0.1", "0000000000000000000000080x".chop)
+    end
+    assert_equal([80, "127.0.0.1"], Socket.unpack_sockaddr_in(ai))
   end
 
   def test_addrinfo_udp
author	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-05-30 07:28:55 +0000
committer	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-05-30 07:28:55 +0000
commit	157f4f8bd6be81a0131c372da0e7de31e9fe297d (patch)
tree	68b97807dc9950dce7af0642722b1378559ba8ec
parent	6d7e62a7238cfabc30f675002e14734be6c234a3 (diff)
download	ruby-157f4f8bd6be81a0131c372da0e7de31e9fe297d.tar.gz