Blame ruby-1.8.7-p358-CVE-2012-4464-4466.patch
|
TASAKA Mamoru |
f95865c |
Backported fix for CVE-2012-4464,4466 on trunk:rev37068 to 1.8.7 branch.
|
|
TASAKA Mamoru |
f95865c |
Note that for ruby-1.8 branch, there was a fix for CVE-2011-1005 on rev 30903,
|
|
TASAKA Mamoru |
f95865c |
however the fix proved to be incomplete.
|
|
TASAKA Mamoru |
f95865c |
|
|
TASAKA Mamoru |
f95865c |
Mamoru Tasaka <mtasaka@fedoraproject.org>
|
|
TASAKA Mamoru |
f95865c |
|
|
TASAKA Mamoru |
f95865c |
|
|
TASAKA Mamoru |
f95865c |
--- ruby-1.8.7-p358/error.c.sec 2011-02-18 21:32:35.000000000 +0900
|
|
TASAKA Mamoru |
f95865c |
+++ ruby-1.8.7-p358/error.c 2012-10-04 23:58:12.000000000 +0900
|
|
TASAKA Mamoru |
f95865c |
@@ -665,9 +665,11 @@
|
|
TASAKA Mamoru |
f95865c |
|
|
TASAKA Mamoru |
f95865c |
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
|
|
TASAKA Mamoru |
f95865c |
StringValue(str);
|
|
TASAKA Mamoru |
f95865c |
+#if 0
|
|
TASAKA Mamoru |
f95865c |
if (str != mesg) {
|
|
TASAKA Mamoru |
f95865c |
OBJ_INFECT(str, mesg);
|
|
TASAKA Mamoru |
f95865c |
}
|
|
TASAKA Mamoru |
f95865c |
+#endif
|
|
TASAKA Mamoru |
f95865c |
return str;
|
|
TASAKA Mamoru |
f95865c |
}
|
|
TASAKA Mamoru |
f95865c |
|
|
TASAKA Mamoru |
f95865c |
@@ -757,7 +759,6 @@
|
|
TASAKA Mamoru |
f95865c |
args[2] = d;
|
|
TASAKA Mamoru |
f95865c |
mesg = rb_f_sprintf(3, args);
|
|
TASAKA Mamoru |
f95865c |
}
|
|
TASAKA Mamoru |
f95865c |
- if (OBJ_TAINTED(obj)) OBJ_TAINT(mesg);
|
|
TASAKA Mamoru |
f95865c |
return mesg;
|
|
TASAKA Mamoru |
f95865c |
}
|
|
TASAKA Mamoru |
f95865c |
|