packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!77 [sync] PR-74: fix CVE-2022-28739

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @shinwell_hu 
Signed-off-by: @shinwell_hu
This commit is contained in:
openeuler-ci-bot 2022-06-06 08:01:23 +00:00 committed by Gitee
commit be0fc2fb29
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
backport-CVE-2022-28739.patch Normal file
View File

@ -0,0 +1,64 @@
From 69f9992ed41920389d4185141a14f02f89a4d306 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 12 Apr 2022 11:49:45 +0000
Subject: [PATCH] Fix dtoa buffer overrun
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/ruby/test_float.rb | 18 ++++++++++++++++++
util.c | 3 ++-
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
index 7fabfd3..78c63c2 100644
--- a/test/ruby/test_float.rb
+++ b/test/ruby/test_float.rb
@@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase
assert_raise(ArgumentError, n += z + "A") {Float(n)}
assert_raise(ArgumentError, n += z + ".0") {Float(n)}
end
+
+ x = nil
+ 2000.times do
+ x = Float("0x"+"0"*30)
+ break unless x == 0.0
+ end
+ assert_equal(0.0, x, ->{"%a" % x})
+ x = nil
+ 2000.times do
+ begin
+ x = Float("0x1."+"0"*270)
+ rescue ArgumentError => e
+ raise unless /"0x1\.0{270}"/ =~ e.message
+ else
+ break
+ end
+ end
+ assert_nil(x, ->{"%a" % x})
end
def test_divmod
diff --git a/util.c b/util.c
index 2222744..f1d910f 100644
--- a/util.c
+++ b/util.c
@@ -2046,6 +2046,7 @@ break2:
if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
if (*s == '0') {
while (*++s == '0');
+ if (!*s) goto ret;
s1 = strchr(hexdigit, *s);
}
if (s1 != NULL) {
@@ -2068,7 +2069,7 @@ break2:
for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
adj += aadj * ((s1 - hexdigit) & 15);
if ((aadj /= 16) == 0.0) {
- while (strchr(hexdigit, *++s));
+ while (*++s && strchr(hexdigit, *s));
break;
}
}
--
1.8.3.1

6
ruby.spec
View File

@ -1,6 +1,6 @@
Name: ruby
Version: 2.5.8
Release: 115
Release: 116
Summary: Object-oriented scripting language interpreter
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
URL: https://www.ruby-lang.org/
@ -45,6 +45,7 @@ Patch6001: backport-0002-CVE-2021-28965.patch
Patch6002: backport-CVE-2021-31799.patch
Patch6003: backport-CVE-2021-31810.patch
Patch6004: backport-CVE-2021-32066.patch
Patch6005: backport-CVE-2022-28739.patch
Provides: %{name}-libs = %{version}-%{release}
Obsoletes: %{name}-libs < %{version}-%{release}
@ -582,6 +583,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
%changelog
* Fri May 27 2022 shixuantong <shixuantong@h-partners.com> - 2.5.8-116
- fix CVE-2022-28739
* Fri Jan 14 2022 yaoxin <yaoxin30@huawei.com> - 2.5.8-115
- Fix CVE-2021-41819