-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ext/socket/unixsocket.c | 2 | ||||
-rw-r--r-- | test/socket/test_unix.rb | 10 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 19 insertions, 2 deletions
@@ -1,3 +1,10 @@
+Wed Mar 28 19:30:54 2018 Nobuyoshi Nakada <[email protected]>
+
+ unixsocket.c: check NUL bytes
+
+ * ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes.
+ https://hackerone.com/reports/302997
+
 Wed Mar 28 19:29:03 2018 SHIBATA Hiroshi <[email protected]>
 Ignore file separator from tmpfile/tmpdir name.
diff --git a/ext/socket/unixsocket.c b/ext/socket/unixsocket.c
index f73f12777c..32f7e33248 100644
--- a/ext/socket/unixsocket.c
+++ b/ext/socket/unixsocket.c
@@ -33,7 +33,7 @@ rsock_init_unixsock(VALUE sock, VALUE path, int server)
 int fd, status;
 rb_io_t *fptr;
- SafeStringValue(path);
+ FilePathValue(path);
 INIT_SOCKADDR_UN(&sockaddr, sizeof(struct sockaddr_un));
 if (sizeof(sockaddr.sun_path) < (size_t)RSTRING_LEN(path)) {
diff --git a/test/socket/test_unix.rb b/test/socket/test_unix.rb
index 3fe7fb368b..26aff18761 100644
--- a/test/socket/test_unix.rb
+++ b/test/socket/test_unix.rb
@@ -285,6 +285,16 @@ class TestSocket_UNIXSocket < Test::Unit::TestCase
 File.unlink path if path && File.socket?(path)
 end
+ def test_open_nul_byte
+ tmpfile = Tempfile.new("s")
+ path = tmpfile.path
+ tmpfile.close(true)
+ assert_raise(ArgumentError) {UNIXServer.open(path+"\0")}
+ assert_raise(ArgumentError) {UNIXSocket.open(path+"\0")}
+ ensure
+ File.unlink path if path && File.socket?(path)
+ end
+
 def test_addr
 bound_unix_socket(UNIXServer) {|serv, path|
 UNIXSocket.open(path) {|c|
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.3.7"
 #define RUBY_RELEASE_DATE "2018-03-28"
-#define RUBY_PATCHLEVEL 452
+#define RUBY_PATCHLEVEL 453
 #define RUBY_RELEASE_YEAR 2018
 #define RUBY_RELEASE_MONTH 3 |
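Review bot: Replacing `SafeStringValue(path)` with `FilePathValue(path)` in rsock_init_unixsock rejects any string containing a NUL byte, which presumably also covers Linux abstract-namespace addresses, whose sun_path begins with a NUL. Callers that bind or connect to such addresses would then get ArgumentError where they previously succeeded. If abstract sockets are meant to stay supported, keep the plain string check for a leading-NUL string and apply the NUL-rejecting conversion to everything else, as sketched below. The function body starts and continues outside the hunk, so confirm how the address length is derived further down before adopting this.

```c
    rb_io_t *fptr;

    /* Abstract-namespace addresses (leading NUL, Linux) are not filesystem
     * paths; keep the previous string check for them and apply the
     * NUL-rejecting path conversion to everything else. */
    if (RB_TYPE_P(path, T_STRING) &&
        RSTRING_LEN(path) > 0 && RSTRING_PTR(path)[0] == '\0') {
        SafeStringValue(path);
    }
    else {
        FilePathValue(path);
    }
    /* … unchanged: INIT_SOCKADDR_UN and the sun_path length check … */
```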
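Review bot: test_open_nul_byte only exercises a NUL at the very end of the path, so a check that merely trims or tolerates interior NULs would still pass. An embedded NUL followed by more bytes is presumably the case where the path the OS sees differs from the Ruby string, and it deserves its own assertion, e.g. `assert_raise(ArgumentError) {UNIXServer.open(path+"\0"+"x")}` and the same for `UNIXSocket.open`. A one-line comment above the test, such as `# paths containing NUL must be rejected, not truncated at the NUL`, would record why the check exists. The enclosing class starts outside the hunk.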