From 3e5fe9f5522bfbc58b35e9c68d3f843620ddeb53 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 30 May 2016 15:33:06 +0000
Subject: * ext/socket/raddrinfo.c (host_str, port_str): Use StringValueCStr  
 instead of (Safe)StringValue, to detect NUL byte in the string.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55222 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                    | 5 +++++
 ext/socket/raddrinfo.c       | 8 ++++++--
 test/socket/test_addrinfo.rb | 6 ++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 28dfd653fb..44dd365286 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue May 31 00:30:11 2016  NAKAMURA Usaku  <usa@ruby-lang.org>
+
+	* ext/socket/raddrinfo.c (host_str, port_str): Use StringValueCStr
+	  instead of (Safe)StringValue, to detect NUL byte in the string.
+
 Mon May 30 22:02:01 2016  Kazuki Yamaguchi  <k@rhe.jp>
 
 	* ext/openssl/ossl_asn1.c (time_to_time_t): Use NUM2TIMET() instead of
diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c
index b0c80399de..11f5d1f5a6 100644
--- a/ext/socket/raddrinfo.c
+++ b/ext/socket/raddrinfo.c
@@ -429,6 +429,10 @@ str_is_number(const char *p)
 #define str_equal(ptr, len, name) \
     ((ptr)[0] == name[0] && \
      rb_strlen_lit(name) == (len) && memcmp(ptr, name, len) == 0)
+#define SafeStringValueCStr(v) do {\
+    StringValueCStr(v);\
+    rb_check_safe_obj(v);\
+} while(0)
 
 static char*
 host_str(VALUE host, char *hbuf, size_t hbuflen, int *flags_ptr)
@@ -447,7 +451,7 @@ host_str(VALUE host, char *hbuf, size_t hbuflen, int *flags_ptr)
         const char *name;
         size_t len;
 
-        SafeStringValue(host);
+        SafeStringValueCStr(host);
         RSTRING_GETMEM(host, name, len);
         if (!len || str_equal(name, len, "<any>")) {
             make_inetaddr(INADDR_ANY, hbuf, hbuflen);
@@ -486,7 +490,7 @@ port_str(VALUE port, char *pbuf, size_t pbuflen, int *flags_ptr)
         const char *serv;
         size_t len;
 
-        SafeStringValue(port);
+        SafeStringValueCStr(port);
         RSTRING_GETMEM(port, serv, len);
         if (len >= pbuflen) {
             rb_raise(rb_eArgError, "service name too long (%"PRIdSIZE")",
diff --git a/test/socket/test_addrinfo.rb b/test/socket/test_addrinfo.rb
index e010731af8..132d172380 100644
--- a/test/socket/test_addrinfo.rb
+++ b/test/socket/test_addrinfo.rb
@@ -42,6 +42,9 @@ class TestSocketAddrinfo < Test::Unit::TestCase
       Addrinfo.ip(addr)
     end
     assert_equal([0, "127.0.0.1"], Socket.unpack_sockaddr_in(ai))
+    assert_raise(ArgumentError) do
+      Addrinfo.ip("127.0.0.1\000x")
+    end
   end
 
   def test_addrinfo_tcp
@@ -56,6 +59,9 @@ class TestSocketAddrinfo < Test::Unit::TestCase
       Addrinfo.tcp("127.0.0.1", "0000000000000000000000080x".chop)
     end
     assert_equal([80, "127.0.0.1"], Socket.unpack_sockaddr_in(ai))
+    assert_raise(ArgumentError) do
+      Addrinfo.ip("127.0.0.1", "80\000x")
+    end
   end
 
   def test_addrinfo_udp
-- 
cgit v1.2.3