diff options
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | string.c | 3 | ||||
-rw-r--r-- | test/ruby/test_string.rb | 1 |
3 files changed, 11 insertions, 2 deletions
@@ -1,3 +1,12 @@ +Sun May 10 11:44:37 2015 Masaki Matsushita <glass.saga@gmail.com> + + * string.c (rb_str_crypt): Raise ArgumentError when + string passed to String#crypt contains null. + the patch is from jrusnack <jrusnack at redhat.com>. + [Bug #10988] [fix GH-853] + + * test/ruby/test_string.rb: test for above. + Sun May 10 11:23:03 2015 Masaki Matsushita <glass.saga@gmail.com> * enum.c (enum_to_a): Use size to set array capa when possible. @@ -7711,8 +7711,7 @@ rb_str_crypt(VALUE str, VALUE salt) rb_raise(rb_eArgError, "salt too short (need >=2 bytes)"); } - s = RSTRING_PTR(str); - if (!s) s = ""; + s = StringValueCStr(str); saltp = RSTRING_PTR(salt); if (!saltp[0] || !saltp[1]) goto short_salt; #ifdef BROKEN_CRYPT diff --git a/test/ruby/test_string.rb b/test/ruby/test_string.rb index 4cd6afdd80..2768a65441 100644 --- a/test/ruby/test_string.rb +++ b/test/ruby/test_string.rb @@ -507,6 +507,7 @@ class TestString < Test::Unit::TestCase assert_raise(ArgumentError) {S("mypassword").crypt(S(""))} assert_raise(ArgumentError) {S("mypassword").crypt(S("\0a"))} assert_raise(ArgumentError) {S("mypassword").crypt(S("a\0"))} + assert_raise(ArgumentError) {S("poison\u0000null").crypt(S("aa"))} [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].each do |enc| assert_raise(ArgumentError) {S("mypassword").crypt(S("aa".encode(enc)))} |