Fix DoS in the Ruby CGI module.

Obtained from:	ruby CVS
Reviewed by:	trhodes
OK'ed by:	maintainer silence
With hat:	secteam
This commit is contained in:
Simon L. B. Nielsen 2004-11-25 15:25:33 +00:00
parent 1aff41543a
commit 23003b8825
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=122406
4 changed files with 59 additions and 1 deletions

View file

@ -7,6 +7,7 @@
PORTNAME= ruby${RUBY_R}
PORTVERSION= ${RUBY_PORTVERSION}
PORTREVISION= 1
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
MASTER_SITE_SUBDIR= ${MASTER_SITE_SUBDIR_RUBY}

View file

@ -0,0 +1,30 @@
--- lib/cgi.rb 2002/08/25 20:15:54 1.23.2.17
+++ lib/cgi.rb 2004/10/24 23:37:19 1.23.2.18
@@ -182,7 +182,7 @@ class CGI
CR = "\015"
LF = "\012"
EOL = CR + LF
- REVISION = '$Id: cgi.rb,v 1.23.2.17 2002/08/25 20:15:54 wakou Exp $'
+ REVISION = '$Id: cgi.rb,v 1.23.2.18 2004/10/24 23:37:19 matz Exp $'
NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM)
PATH_SEPARATOR = {'UNIX'=>'/', 'WINDOWS'=>'\\', 'MACINTOSH'=>':'}
@@ -823,13 +823,15 @@ def read_multipart(boundary, content
end
c = if bufsize < content_length
- stdinput.read(bufsize) or ''
+ stdinput.read(bufsize)
else
- stdinput.read(content_length) or ''
+ stdinput.read(content_length)
end
+ if c.nil?
+ raise EOFError, "bad content body"
+ end
buf += c
content_length -= c.size
-
end
buf = buf.sub(/\A((?:.|\n)*?)(?:#{EOL})?#{boundary}(#{EOL}|--)/n) do

View file

@ -7,7 +7,7 @@
PORTNAME= ruby${RUBY_R}
PORTVERSION= ${RUBY_PORTVERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
MASTER_SITE_SUBDIR= ${MASTER_SITE_SUBDIR_RUBY}

View file

@ -0,0 +1,27 @@
--- lib/cgi.rb 2004/07/28 13:26:01 1.68.2.6
+++ lib/cgi.rb 2004/10/27 02:46:50 1.68.2.7
@@ -284,7 +284,7 @@ class CGI
# Standard internet newline sequence
EOL = CR + LF
- REVISION = '$Id: cgi.rb,v 1.68.2.6 2004/07/28 13:26:01 matz Exp $' #:nodoc:
+ REVISION = '$Id: cgi.rb,v 1.68.2.7 2004/10/27 02:46:50 matz Exp $' #:nodoc:
NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM)
@@ -1012,10 +1012,13 @@ def read_multipart(boundary, content
end
c = if bufsize < content_length
- stdinput.read(bufsize) or ''
+ stdinput.read(bufsize)
else
- stdinput.read(content_length) or ''
+ stdinput.read(content_length)
end
+ if c.nil?
+ raise EOFError, "bad content body"
+ end
buf.concat(c)
content_length -= c.size
end