aboutsummaryrefslogtreecommitdiffstats
path: root/lang/ruby18
diff options
context:
space:
mode:
authorstas <stas@FreeBSD.org>2009-06-13 06:44:56 +0800
committerstas <stas@FreeBSD.org>2009-06-13 06:44:56 +0800
commitb1d8ed887e3998d7433564f034fbb5ac531b7f21 (patch)
tree940f76f407bf89c44d01b3e9dc77270a96cb0384 /lang/ruby18
parentbc9eab5c69222c55017ed9d68880c0a384fbd691 (diff)
downloadfreebsd-ports-gnome-b1d8ed887e3998d7433564f034fbb5ac531b7f21.tar.gz
freebsd-ports-gnome-b1d8ed887e3998d7433564f034fbb5ac531b7f21.tar.zst
freebsd-ports-gnome-b1d8ed887e3998d7433564f034fbb5ac531b7f21.zip
- Fix BigDecimal DoS vulnerability in ruby 1.8.7.
- Bump portrevision. Obtained from: ruby-lang CVS Security: 62e0fbe5-5798-11de-bb78-001cc0377035
Diffstat (limited to 'lang/ruby18')
-rw-r--r--lang/ruby18/files/patch-ext_bigdecimal_bigdecimal.c211
1 files changed, 211 insertions, 0 deletions
diff --git a/lang/ruby18/files/patch-ext_bigdecimal_bigdecimal.c b/lang/ruby18/files/patch-ext_bigdecimal_bigdecimal.c
new file mode 100644
index 000000000000..fa6bab2683a6
--- /dev/null
+++ b/lang/ruby18/files/patch-ext_bigdecimal_bigdecimal.c
@@ -0,0 +1,211 @@
+--- ext/bigdecimal/bigdecimal.c.orig 2009-06-13 01:11:45.000000000 +0400
++++ ext/bigdecimal/bigdecimal.c 2009-06-13 01:11:49.000000000 +0400
+@@ -306,17 +306,19 @@
+ BigDecimal_dump(int argc, VALUE *argv, VALUE self)
+ {
+ ENTER(5);
+- char sz[50];
+ Real *vp;
+ char *psz;
+ VALUE dummy;
++ volatile VALUE dump;
++
+ rb_scan_args(argc, argv, "01", &dummy);
+ GUARD_OBJ(vp,GetVpValue(self,1));
+- sprintf(sz,"%lu:",VpMaxPrec(vp)*VpBaseFig());
+- psz = ALLOCA_N(char,(unsigned int)VpNumOfChars(vp,"E")+strlen(sz));
+- sprintf(psz,"%s",sz);
++ dump = rb_str_new(0,VpNumOfChars(vp,"E")+50);
++ psz = RSTRING_PTR(dump);
++ sprintf(psz,"%lu:",VpMaxPrec(vp)*VpBaseFig());
+ VpToString(vp, psz+strlen(psz), 0, 0);
+- return rb_str_new2(psz);
++ rb_str_resize(dump, strlen(psz));
++ return dump;
+ }
+
+ /*
+@@ -520,6 +522,7 @@
+ ENTER(5);
+ int e,n,i,nf;
+ U_LONG v,b,j;
++ volatile VALUE str;
+ char *psz,*pch;
+ Real *p;
+
+@@ -527,14 +530,14 @@
+
+ /* Infinity or NaN not converted. */
+ if(VpIsNaN(p)) {
+- VpException(VP_EXCEPTION_NaN,"Computation results to 'NaN'(Not a Number)",0);
+- return Qnil;
++ VpException(VP_EXCEPTION_NaN,"Computation results to 'NaN'(Not a Number)",1);
++ return Qnil; /* not reached */
+ } else if(VpIsPosInf(p)) {
+- VpException(VP_EXCEPTION_INFINITY,"Computation results to 'Infinity'",0);
+- return Qnil;
++ VpException(VP_EXCEPTION_INFINITY,"Computation results to 'Infinity'",1);
++ return Qnil; /* not reached */
+ } else if(VpIsNegInf(p)) {
+- VpException(VP_EXCEPTION_INFINITY,"Computation results to '-Infinity'",0);
+- return Qnil;
++ VpException(VP_EXCEPTION_INFINITY,"Computation results to '-Infinity'",1);
++ return Qnil; /* not reached */
+ }
+
+ e = VpExponent10(p);
+@@ -544,7 +547,8 @@
+ e = VpGetSign(p)*p->frac[0];
+ return INT2FIX(e);
+ }
+- psz = ALLOCA_N(char,(unsigned int)(e+nf+2));
++ str = rb_str_new(0, e+nf+2);
++ psz = RSTRING_PTR(str);
+
+ n = (e+nf-1)/nf;
+ pch = psz;
+@@ -589,17 +593,21 @@
+ double d;
+ S_LONG e;
+ char *buf;
++ volatile VALUE str;
+
+ GUARD_OBJ(p,GetVpValue(self,1));
+ if(VpVtoD(&d, &e, p)!=1) return rb_float_new(d);
+- buf = ALLOCA_N(char,(unsigned int)VpNumOfChars(p,"E"));
++ if (e > DBL_MAX_10_EXP) goto erange;
++ str = rb_str_new(0, VpNumOfChars(p,"E"));
++ buf = RSTRING_PTR(str);
+ VpToString(p, buf, 0, 0);
+ errno = 0;
+ d = strtod(buf, 0);
+ if(errno == ERANGE) {
++ erange:
+ VpException(VP_EXCEPTION_OVERFLOW,"BigDecimal to Float conversion",0);
+- if(d>0.0) return rb_float_new(DBL_MAX);
+- else return rb_float_new(-DBL_MAX);
++ if(d>0.0) d = VpGetDoublePosInf();
++ else d = VpGetDoubleNegInf();
+ }
+ return rb_float_new(d);
+ }
+@@ -1491,6 +1499,7 @@
+ int fmt=0; /* 0:E format */
+ int fPlus=0; /* =0:default,=1: set ' ' before digits ,set '+' before digits. */
+ Real *vp;
++ volatile VALUE str;
+ char *psz;
+ char ch;
+ U_LONG nc;
+@@ -1527,14 +1536,16 @@
+ }
+ if(mc>0) nc += (nc + mc - 1) / mc + 1;
+
+- psz = ALLOCA_N(char,(unsigned int)nc);
++ str = rb_str_new(0, nc);
++ psz = RSTRING_PTR(str);
+
+ if(fmt) {
+ VpToFString(vp, psz, mc, fPlus);
+ } else {
+ VpToString (vp, psz, mc, fPlus);
+ }
+- return rb_str_new2(psz);
++ rb_str_resize(str, strlen(psz));
++ return str;
+ }
+
+ /* Splits a BigDecimal number into four parts, returned as an array of values.
+@@ -1566,24 +1577,29 @@
+ {
+ ENTER(5);
+ Real *vp;
+- VALUE obj,obj1;
++ VALUE obj,str;
+ S_LONG e;
+ S_LONG s;
+ char *psz1;
+
+ GUARD_OBJ(vp,GetVpValue(self,1));
+- psz1 = ALLOCA_N(char,(unsigned int)VpNumOfChars(vp,"E"));
++ str = rb_str_new(0, VpNumOfChars(vp,"E"));
++ psz1 = RSTRING_PTR(str);
+ VpSzMantissa(vp,psz1);
+ s = 1;
+ if(psz1[0]=='-') {
+- s = -1; ++psz1;
++ int len = strlen(psz1+1);
++
++ memmove(psz1, psz1+1, len);
++ psz1[len] = '\0';
++ s = -1;
+ }
+ if(psz1[0]=='N') s=0; /* NaN */
+ e = VpExponent10(vp);
+- obj1 = rb_str_new2(psz1);
+ obj = rb_ary_new2(4);
+ rb_ary_push(obj, INT2FIX(s));
+- rb_ary_push(obj, obj1);
++ rb_ary_push(obj, str);
++ rb_str_resize(str, strlen(psz1));
+ rb_ary_push(obj, INT2FIX(10));
+ rb_ary_push(obj, INT2NUM(e));
+ return obj;
+@@ -1616,20 +1632,22 @@
+ {
+ ENTER(5);
+ Real *vp;
+- VALUE obj;
++ volatile VALUE obj;
+ unsigned int nc;
+- char *psz1;
+- char *pszAll;
++ char *psz, *tmp;
+
+ GUARD_OBJ(vp,GetVpValue(self,1));
+ nc = VpNumOfChars(vp,"E");
+ nc +=(nc + 9) / 10;
+
+- psz1 = ALLOCA_N(char,nc);
+- pszAll = ALLOCA_N(char,nc+256);
+- VpToString(vp, psz1, 10, 0);
+- sprintf(pszAll,"#<BigDecimal:%lx,'%s',%lu(%lu)>",self,psz1,VpPrec(vp)*VpBaseFig(),VpMaxPrec(vp)*VpBaseFig());
+- obj = rb_str_new2(pszAll);
++ obj = rb_str_new(0, nc+256);
++ psz = RSTRING_PTR(obj);
++ sprintf(psz,"#<BigDecimal:%lx,'",self);
++ tmp = psz + strlen(psz);
++ VpToString(vp, tmp, 10, 0);
++ tmp += strlen(tmp);
++ sprintf(tmp,"',%lu(%lu)>",VpPrec(vp)*VpBaseFig(),VpMaxPrec(vp)*VpBaseFig());
++ rb_str_resize(obj, strlen(psz));
+ return obj;
+ }
+
+@@ -2482,6 +2500,7 @@
+ int sign=1;
+ Real *vp = NULL;
+ U_LONG mf = VpGetPrecLimit();
++ volatile VALUE buf;
+
+ mx = (mx + BASE_FIG - 1) / BASE_FIG + 1; /* Determine allocation unit. */
+ if(szVal) {
+@@ -2509,7 +2528,8 @@
+
+ /* Skip all '_' after digit: 2006-6-30 */
+ ni = 0;
+- psz = ALLOCA_N(char,strlen(szVal)+1);
++ buf = rb_str_new(0,strlen(szVal)+1);
++ psz = RSTRING_PTR(buf);
+ i = 0;
+ ipn = 0;
+ while((psz[i]=szVal[ipn])!=0) {
+@@ -3601,7 +3621,7 @@
+ nc += fprintf(fp, "0.");
+ n = a->Prec;
+ for(i=0;i < n;++i) {
+- m = BASE1;
++ m = BASE1;
+ e = a->frac[i];
+ while(m) {
+ nn = e / m;