Fix DoS in the Ruby CGI module.
Obtained from: ruby CVS Reviewed by: trhodes OK'ed by: maintainer silence With hat: secteam
parent
1aff41543a
commit
23003b8825
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=122406
4 changed files with 59 additions and 1 deletions
@ -7,6 +7,7 @@
PORTNAME= ruby${RUBY_R}
PORTVERSION= ${RUBY_PORTVERSION}
PORTREVISION= 1
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
MASTER_SITE_SUBDIR= ${MASTER_SITE_SUBDIR_RUBY}
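--- a/lang/ruby16/files/patch-cgi.rb
+++ b/lang/ruby16/files/patch-cgi.rb
@@ -0,0 +1,30 @@
+--- lib/cgi.rb 2002/08/25 20:15:54 1.23.2.17
++++ lib/cgi.rb 2004/10/24 23:37:19 1.23.2.18
+@@ -182,7 +182,7 @@ class CGI
+CR = "\015"
+LF = "\012"
+EOL = CR + LF
+- REVISION = '$Id: cgi.rb,v 1.23.2.17 2002/08/25 20:15:54 wakou Exp $'
++ REVISION = '$Id: cgi.rb,v 1.23.2.18 2004/10/24 23:37:19 matz Exp $'
+
+NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM)
+PATH_SEPARATOR = {'UNIX'=>'/', 'WINDOWS'=>'\\', 'MACINTOSH'=>':'}
+@@ -823,13 +823,15 @@ def read_multipart(boundary, content
+end
+
+c = if bufsize < content_length
+- stdinput.read(bufsize) or ''
++ stdinput.read(bufsize)
+else
+- stdinput.read(content_length) or ''
++ stdinput.read(content_length)
+end
++ if c.nil?
++ raise EOFError, "bad content body"
++ end
+buf += c
+content_length -= c.size
+-
+end
+
+buf = buf.sub(/\A((?:.|\n)*?)(?:#{EOL})?#{boundary}(#{EOL}|--)/n) do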
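Review bot: The added `if c.nil?` guard in read_multipart stops the loop only when `stdinput.read` returns nil; a read that returns an empty string still falls through to `buf += c` with `content_length` unchanged. That case looks reachable once `content_length` has counted down to 0 before the boundary shows up in `buf`, since a zero-length read is expected to yield `""` rather than nil, so the loop may still fail to terminate on a malformed body. Widening the check to `if c.nil? || c.empty?` would cover both outcomes. The enclosing loop and its exit condition lie outside the hunk, so confirm against the full method; the same applies to the matching hunk in lang/ruby18/files/patch-cgi.rb.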
@ -7,7 +7,7 @@
PORTNAME= ruby${RUBY_R}
PORTVERSION= ${RUBY_PORTVERSION}
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
MASTER_SITE_SUBDIR= ${MASTER_SITE_SUBDIR_RUBY}
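--- a/lang/ruby18/files/patch-cgi.rb
+++ b/lang/ruby18/files/patch-cgi.rb
@@ -0,0 +1,27 @@
+--- lib/cgi.rb 2004/07/28 13:26:01 1.68.2.6
++++ lib/cgi.rb 2004/10/27 02:46:50 1.68.2.7
+@@ -284,7 +284,7 @@ class CGI
+# Standard internet newline sequence
+EOL = CR + LF
+
+- REVISION = '$Id: cgi.rb,v 1.68.2.6 2004/07/28 13:26:01 matz Exp $' #:nodoc:
++ REVISION = '$Id: cgi.rb,v 1.68.2.7 2004/10/27 02:46:50 matz Exp $' #:nodoc:
+
+NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM)
+
+@@ -1012,10 +1012,13 @@ def read_multipart(boundary, content
+end
+
+c = if bufsize < content_length
+- stdinput.read(bufsize) or ''
++ stdinput.read(bufsize)
+else
+- stdinput.read(content_length) or ''
++ stdinput.read(content_length)
+end
++ if c.nil?
++ raise EOFError, "bad content body"
++ end
+buf.concat(c)
+content_length -= c.size
+end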