components/ruby/ruby-21/patches/13-CVE-2015-7551.patch
author Rich Burridge <rich.burridge@oracle.com>
Thu, 07 Apr 2016 14:59:33 -0700
changeset 5743 195b4d212ec3
permissions -rw-r--r--
23005070 problem in UTILITY/RUBY
Patches from upstream to fix CVE-2015-7551.
See:
  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7551
for more details.
Based on the ruby 2.1 commit at:
  https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a
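--- ruby-2.1.6/ext/fiddle/handle.c.orig	2016-04-06 05:46:29.137190481 -0700
+++ ruby-2.1.6/ext/fiddle/handle.c	2016-04-06 06:15:33.342534009 -0700
@@ -1,6 +1,8 @@
 #include <ruby.h>
 #include <fiddle.h>
 
+#define SafeStringValueCStr(v) (rb_check_safe_obj(rb_string_value(&v)), StringValueCStr(v))
+
 VALUE rb_cHandle;
 
 struct dl_handle {
@@ -143,11 +145,11 @@
 	cflag = RTLD_LAZY | RTLD_GLOBAL;
 	break;
       case 1:
-	clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+	clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
 	cflag = RTLD_LAZY | RTLD_GLOBAL;
 	break;
       case 2:
-	clib = NIL_P(lib) ? NULL : StringValuePtr(lib);
+	clib = NIL_P(lib) ? NULL : SafeStringValueCStr(lib);
 	cflag = NUM2INT(flag);
 	break;
       default:
@@ -263,7 +265,7 @@
     return PTR2NUM(fiddle_handle);
 }
 
-static VALUE fiddle_handle_sym(void *handle, const char *symbol);
+static VALUE fiddle_handle_sym(void *handle, VALUE symbol);
 
 /*
  * Document-method: sym
@@ -282,7 +284,7 @@
 	rb_raise(rb_eFiddleError, "closed handle");
     }
 
-    return fiddle_handle_sym(fiddle_handle->ptr, StringValueCStr(sym));
+    return fiddle_handle_sym(fiddle_handle->ptr, sym);
 }
 
 #ifndef RTLD_NEXT
@@ -305,11 +307,11 @@
 static VALUE
 rb_fiddle_handle_s_sym(VALUE self, VALUE sym)
 {
-    return fiddle_handle_sym(RTLD_NEXT, StringValueCStr(sym));
+    return fiddle_handle_sym(RTLD_NEXT, sym);
 }
 
 static VALUE
-fiddle_handle_sym(void *handle, const char *name)
+fiddle_handle_sym(void *handle, VALUE symbol)
 {
 #if defined(HAVE_DLERROR)
     const char *err;
@@ -318,6 +320,7 @@
 # define CHECK_DLERROR
 #endif
     void (*func)();
+    const char *name = SafeStringValueCStr(symbol);
 
     rb_secure(2);
 #ifdef HAVE_DLERROR
@@ -367,7 +370,7 @@
     }
 #endif
     if( !func ){
-	rb_raise(rb_eFiddleError, "unknown symbol \"%s\"", name);
+	rb_raise(rb_eFiddleError, "unknown symbol \"%"PRIsVALUE"\"", symbol);
     }
 
     return PTR2NUM(func);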
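Review bot: `SafeStringValueCStr(v)` expands its argument twice and takes `&v`, so it is only correct on a side-effect-free lvalue, and nothing at the definition says so. The three uses in this section (`lib` twice in the initializer's switch, `symbol` in `fiddle_handle_sym`) satisfy that, but a comment above the macro such as `/* v must be an lvalue VALUE; raises SecurityError for a tainted string when $SAFE >= 1, ArgumentError on an embedded NUL */` would stop a later caller from passing an expression. The initializer also moves from `StringValuePtr` to a `StringValueCStr`-based check, so a library name containing a NUL byte is now rejected instead of being truncated at the NUL; that looks intended but the patch description does not mention it. The functions around these hunks begin and end outside the visible lines.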
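--- ruby-2.1.6/test/fiddle/test_handle.rb.orig	2016-04-06 05:48:53.672048772 -0700
+++ ruby-2.1.6/test/fiddle/test_handle.rb	2016-04-06 05:49:32.100668554 -0700
@@ -10,6 +10,23 @@
 
     include Test::Unit::Assertions
 
+    def test_safe_handle_open
+      t = Thread.new do
+        $SAFE = 1
+        Fiddle::Handle.new(LIBC_SO.taint)
+      end
+      assert_raise(SecurityError) { t.value }
+    end
+
+    def test_safe_function_lookup
+      t = Thread.new do
+        h = Fiddle::Handle.new(LIBC_SO)
+        $SAFE = 1
+        h["qsort".taint]
+      end
+      assert_raise(SecurityError) { t.value }
+    end
+
     def test_to_i
       handle = Fiddle::Handle.new(LIBC_SO)
       assert_kind_of Integer, handle.to_i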
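Review bot: `LIBC_SO.taint` in `test_safe_handle_open` taints the shared constant in place, because `Object#taint` mutates its receiver, so the string stays tainted for every test that runs later in the same process. Tainting a copy keeps the test isolated: `Fiddle::Handle.new(LIBC_SO.dup.taint)`. The two new tests cover only `Handle.new` and the instance lookup `h[...]`; the singleton lookup path changed in `rb_fiddle_handle_s_sym` has no tainted-input test. There is also no positive case showing that an untainted name still resolves at `$SAFE = 1`, which would catch an over-broad check.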