1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
| | Prepare to fix CVE-2018-{8780,8779}:
Patch copied from snapshot.debian.org:
https://snapshot.debian.org/archive/debian-security/20180423T104456Z/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.358-7.1%2Bdeb7u6.debian.tar.gz
Index: ruby1.8/file.c
===================================================================
--- ruby1.8.orig/file.c
+++ ruby1.8/file.c
@@ -110,6 +110,41 @@ VALUE rb_cFile;
VALUE rb_mFileTest;
VALUE rb_cStat;
+#define insecure_obj_p(obj, level) ((level) >= 4 || ((level) > 0 && OBJ_TAINTED(obj)))
+
+static VALUE
+rb_get_path_check(VALUE obj, int level)
+{
+ VALUE tmp;
+ ID to_path;
+ /* skip encoding check - unavailable */
+
+ if (insecure_obj_p(obj, level)) {
+ rb_raise(rb_eSecurityError, "Insecure operation: -r");
+ }
+
+ /* skip check funcall - unvailable */
+ tmp = obj;
+ StringValue(tmp);
+
+ /* skip file_path_convert; useful in WIN32 */
+ if (obj != tmp && insecure_obj_p(tmp, level)) {
+ rb_raise(rb_eSecurityError, "Insecure operation: -r");
+ }
+ /* skip encoding check */
+
+ StringValueCStr(tmp);
+
+ return rb_str_new4(tmp);
+}
+
+VALUE
+rb_get_path(VALUE obj)
+{
+ return rb_get_path_check(obj, rb_safe_level());
+}
+
+
static long apply2files _((void (*)(const char *, void *), VALUE, void *));
static long
apply2files(func, vargs, arg)
|