fix CVE-2022-28739
(cherry picked from commit 82de38d5527fbde7f563e2760aa66ab3a559fa94)
This commit is contained in:
shixuantong
openeuler-sync-bot
parent
cdaed5406f
commit
491cf8834f
64
backport-CVE-2022-28739.patch
Normal file
64
backport-CVE-2022-28739.patch
Normal file
@ -0,0 +1,64 @@
|
||||
From 69f9992ed41920389d4185141a14f02f89a4d306 Mon Sep 17 00:00:00 2001
|
||||
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
|
||||
Date: Tue, 12 Apr 2022 11:49:45 +0000
|
||||
Subject: [PATCH] Fix dtoa buffer overrun
|
||||
|
||||
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
||||
---
|
||||
test/ruby/test_float.rb | 18 ++++++++++++++++++
|
||||
util.c | 3 ++-
|
||||
2 files changed, 20 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
|
||||
index 7fabfd3..78c63c2 100644
|
||||
--- a/test/ruby/test_float.rb
|
||||
+++ b/test/ruby/test_float.rb
|
||||
@@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase
|
||||
assert_raise(ArgumentError, n += z + "A") {Float(n)}
|
||||
assert_raise(ArgumentError, n += z + ".0") {Float(n)}
|
||||
end
|
||||
+
|
||||
+ x = nil
|
||||
+ 2000.times do
|
||||
+ x = Float("0x"+"0"*30)
|
||||
+ break unless x == 0.0
|
||||
+ end
|
||||
+ assert_equal(0.0, x, ->{"%a" % x})
|
||||
+ x = nil
|
||||
+ 2000.times do
|
||||
+ begin
|
||||
+ x = Float("0x1."+"0"*270)
|
||||
+ rescue ArgumentError => e
|
||||
+ raise unless /"0x1\.0{270}"/ =~ e.message
|
||||
+ else
|
||||
+ break
|
||||
+ end
|
||||
+ end
|
||||
+ assert_nil(x, ->{"%a" % x})
|
||||
end
|
||||
|
||||
def test_divmod
|
||||
diff --git a/util.c b/util.c
|
||||
index 2222744..f1d910f 100644
|
||||
--- a/util.c
|
||||
+++ b/util.c
|
||||
@@ -2046,6 +2046,7 @@ break2:
|
||||
if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
|
||||
if (*s == '0') {
|
||||
while (*++s == '0');
|
||||
+ if (!*s) goto ret;
|
||||
s1 = strchr(hexdigit, *s);
|
||||
}
|
||||
if (s1 != NULL) {
|
||||
@@ -2068,7 +2069,7 @@ break2:
|
||||
for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
|
||||
adj += aadj * ((s1 - hexdigit) & 15);
|
||||
if ((aadj /= 16) == 0.0) {
|
||||
- while (strchr(hexdigit, *++s));
|
||||
+ while (*++s && strchr(hexdigit, *s));
|
||||
break;
|
||||
}
|
||||
}
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: ruby
|
||||
Version: 2.5.8
|
||||
Release: 115
|
||||
Release: 116
|
||||
Summary: Object-oriented scripting language interpreter
|
||||
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
|
||||
URL: https://www.ruby-lang.org/
|
||||
@ -45,6 +45,7 @@ Patch6001: backport-0002-CVE-2021-28965.patch
|
||||
Patch6002: backport-CVE-2021-31799.patch
|
||||
Patch6003: backport-CVE-2021-31810.patch
|
||||
Patch6004: backport-CVE-2021-32066.patch
|
||||
Patch6005: backport-CVE-2022-28739.patch
|
||||
|
||||
Provides: %{name}-libs = %{version}-%{release}
|
||||
Obsoletes: %{name}-libs < %{version}-%{release}
|
||||
@ -582,6 +583,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
|
||||
%exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
|
||||
|
||||
%changelog
|
||||
* Fri May 27 2022 shixuantong <shixuantong@h-partners.com> - 2.5.8-116
|
||||
- fix CVE-2022-28739
|
||||
|
||||
* Fri Jan 14 2022 yaoxin <yaoxin30@huawei.com> - 2.5.8-115
|
||||
- Fix CVE-2021-41819
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user