packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ruby/backport-0002-CVE-2021-41817.patch
shixuantong 5cf8152653 fix CVE-2021-41817
2024-12-19 17:07:07 +08:00

102 lines
2.5 KiB
Diff
Raw Blame History

From fa674cf7230e40bc96625ee97a6057e48bb20f0f Mon Sep 17 00:00:00 2001
From: Jean Boussier <jean.boussier@gmail.com>
Date: Mon, 15 Nov 2021 11:37:40 +0100
Subject: [PATCH] [ruby/date] `Date._<format>(nil)` should return an empty Hash
Fix: https://github.com/ruby/date/issues/39
This is how versions previous to 3.2.1 behaved and Active Support
currently rely on this behavior.
https://github.com/rails/rails/blob/90357af08048ef5076730505f6e7b14a81f33d0c/activesupport/lib/active_support/values/time_zone.rb#L383-L384
Any Rails application upgrading to date `3.2.1` might run into unexpected errors.
https://github.com/ruby/date/commit/8f2d7a0c7e
---
ext/date/date_core.c | 2 ++
test/date/test_date_parse.rb | 18 ++++++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/ext/date/date_core.c b/ext/date/date_core.c
index 177ea0f..516640b 100644
--- a/ext/date/date_core.c
+++ b/ext/date/date_core.c
@@ -4304,6 +4304,8 @@ get_limit(VALUE opt)
static void
check_limit(VALUE str, VALUE opt)
{
+ if (NIL_P(str)) return;
+
StringValue(str);
size_t slen = RSTRING_LEN(str);
size_t limit = get_limit(opt);
diff --git a/test/date/test_date_parse.rb b/test/date/test_date_parse.rb
index f9b160e..dfc018b 100644
--- a/test/date/test_date_parse.rb
+++ b/test/date/test_date_parse.rb
@@ -824,6 +824,9 @@ class TestDateParse < Test::Unit::TestCase
h = Date._iso8601('')
assert_equal({}, h)
+
+ h = Date._iso8601(nil)
+ assert_equal({}, h)
end
def test__rfc3339
@@ -839,6 +842,9 @@ class TestDateParse < Test::Unit::TestCase
h = Date._rfc3339('')
assert_equal({}, h)
+
+ h = Date._rfc3339(nil)
+ assert_equal({}, h)
end
def test__xmlschema
@@ -921,6 +927,9 @@ class TestDateParse < Test::Unit::TestCase
h = Date._xmlschema('')
assert_equal({}, h)
+
+ h = Date._xmlschema(nil)
+ assert_equal({}, h)
end
def test__rfc2822
@@ -953,6 +962,9 @@ class TestDateParse < Test::Unit::TestCase
h = Date._rfc2822('')
assert_equal({}, h)
+
+ h = Date._rfc2822(nil)
+ assert_equal({}, h)
end
def test__httpdate
@@ -973,6 +985,9 @@ class TestDateParse < Test::Unit::TestCase
h = Date._httpdate('')
assert_equal({}, h)
+
+ h = Date._httpdate(nil)
+ assert_equal({}, h)
end
def test__jisx0301
@@ -1001,6 +1016,9 @@ class TestDateParse < Test::Unit::TestCase
h = Date._jisx0301('')
assert_equal({}, h)
+
+ h = Date._jisx0301(nil)
+ assert_equal({}, h)
end
def test_iso8601
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink