From bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 28 Mar 2018 09:58:52 +0000
Subject: dir.c: check NUL bytes

* dir.c (GlobPathValue): should be used in rb_push_glob only.
  other methods should use FilePathValue.
  https://hackerone.com/reports/302338

* dir.c (rb_push_glob): expand GlobPathValue

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62989 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 dir.c                 | 26 ++++++++++++--------------
 test/ruby/test_dir.rb |  8 ++++++++
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/dir.c b/dir.c
index 8ac8ee9a89..1343225ae1 100644
--- a/dir.c
+++ b/dir.c
@@ -472,15 +472,6 @@ static const rb_data_type_t dir_data_type = {
 
 static VALUE dir_close(VALUE);
 
-#define GlobPathValue(str, safe) \
-    /* can contain null bytes as separators */	\
-    (!RB_TYPE_P((str), T_STRING) ?		\
-     (void)FilePathValue(str) :			\
-     (void)(check_safe_glob((str), (safe)),		\
-      check_glob_encoding(str), (str)))
-#define check_safe_glob(str, safe) ((safe) ? rb_check_safe_obj(str) : (void)0)
-#define check_glob_encoding(str) rb_enc_check((str), rb_enc_from_encoding(rb_usascii_encoding()))
-
 static VALUE
 dir_s_alloc(VALUE klass)
 {
@@ -551,7 +542,7 @@ dir_initialize(int argc, VALUE *argv, VALUE dir)
 	}
     }
 
-    GlobPathValue(dirname, FALSE);
+    FilePathValue(dirname);
     orig = rb_str_dup_frozen(dirname);
     dirname = rb_str_encode_ospath(dirname);
     dirname = rb_str_dup_frozen(dirname);
@@ -2545,7 +2536,14 @@ rb_push_glob(VALUE str, VALUE base, int flags) /* '\0' is delimiter */
     long offset = 0;
     VALUE ary;
 
-    GlobPathValue(str, TRUE);
+    /* can contain null bytes as separators */
+    if (!RB_TYPE_P((str), T_STRING)) {
+	FilePathValue(str);
+    }
+    else {
+	rb_check_safe_obj(str);
+	rb_enc_check(str, rb_enc_from_encoding(rb_usascii_encoding()));
+    }
     ary = rb_ary_new();
 
     while (offset < RSTRING_LEN(str)) {
@@ -2575,7 +2573,7 @@ dir_globs(long argc, const VALUE *argv, VALUE base, int flags)
     for (i = 0; i < argc; ++i) {
 	int status;
 	VALUE str = argv[i];
-	GlobPathValue(str, TRUE);
+	FilePathValue(str);
 	status = push_glob(ary, str, base, flags);
 	if (status) GLOB_JUMP_TAG(status);
     }
@@ -2600,7 +2598,7 @@ dir_glob_options(VALUE opt, VALUE *base, int *flags)
     }
 #endif
     else {
-	GlobPathValue(args[0], TRUE);
+	FilePathValue(args[0]);
 	if (!RSTRING_LEN(args[0])) args[0] = Qnil;
 	*base = args[0];
     }
@@ -3185,7 +3183,7 @@ rb_dir_s_empty_p(VALUE obj, VALUE dirname)
     const char *path;
     enum {false_on_notdir = 1};
 
-    GlobPathValue(dirname, FALSE);
+    FilePathValue(dirname);
     orig = rb_str_dup_frozen(dirname);
     dirname = rb_str_encode_ospath(dirname);
     dirname = rb_str_dup_frozen(dirname);
diff --git a/test/ruby/test_dir.rb b/test/ruby/test_dir.rb
index 9a1a51ef51..7597262702 100644
--- a/test/ruby/test_dir.rb
+++ b/test/ruby/test_dir.rb
@@ -156,6 +156,9 @@ class TestDir < Test::Unit::TestCase
     open(File.join(@root, "}}a"), "wb") {}
     assert_equal(%w(}}{} }}a).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '}}{\{\},a}')))
     assert_equal(%w(}}{} }}a b c).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '{\}\}{\{\},a},b,c}')))
+    assert_raise(ArgumentError) {
+      Dir.glob([[@root, File.join(@root, "*")].join("\0")])
+    }
   end
 
   def test_glob_recursive
@@ -229,21 +232,25 @@ class TestDir < Test::Unit::TestCase
   def test_entries
     assert_entries(Dir.open(@root) {|dir| dir.entries})
     assert_entries(Dir.entries(@root).to_a)
+    assert_raise(ArgumentError) {Dir.entries(@root+"\0")}
   end
 
   def test_foreach
     assert_entries(Dir.open(@root) {|dir| dir.each.to_a})
     assert_entries(Dir.foreach(@root).to_a)
+    assert_raise(ArgumentError) {Dir.foreach(@root+"\0").to_a}
   end
 
   def test_children
     assert_entries(Dir.open(@root) {|dir| dir.children}, true)
     assert_entries(Dir.children(@root), true)
+    assert_raise(ArgumentError) {Dir.children(@root+"\0")}
   end
 
   def test_each_child
     assert_entries(Dir.open(@root) {|dir| dir.each_child.to_a}, true)
     assert_entries(Dir.each_child(@root).to_a, true)
+    assert_raise(ArgumentError) {Dir.each_child(@root+"\0").to_a}
   end
 
   def test_dir_enc
@@ -400,6 +407,7 @@ class TestDir < Test::Unit::TestCase
     end
     assert_raise(Errno::ENOENT) {Dir.empty?(@nodir)}
     assert_not_send([Dir, :empty?, File.join(@root, "b")])
+    assert_raise(ArgumentError) {Dir.empty?(@root+"\0")}
   end
 
   def test_glob_gc_for_fd
-- 
cgit v1.2.3