Fix for wrong fnmatch patttern

Origin: https://github.com/ruby/ruby/commit/a0a2640b398cffd351f87d3f6243103add66575b
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15845

* dir.c (file_s_fnmatch): ensure that pattern does not contain a
  NUL character.  https://hackerone.com/reports/449617

Gbp-Pq: Name Fix-for-wrong-fnmatch-patttern.patch

diff --git a/dir.c b/dir.c
index ed72b76882253929bd8a3f3150ffda0c92f3f0c5..7db7714ab6f990e1931c348c597257027caf455d 100644 (file)
--- a/dir.c
+++ b/dir.c
@@ -2529,7 +2529,7 @@ file_s_fnmatch(int argc, VALUE *argv, VALUE obj)
     else
        flags = 0;
 
-    StringValue(pattern);
+    StringValueCStr(pattern);
     FilePathStringValue(path);
 
     if (flags & FNM_EXTGLOB) {

diff --git a/test/ruby/test_fnmatch.rb b/test/ruby/test_fnmatch.rb
index ca01a286989a2092d3b4044ef1b827b98fa8a00b..30250b5a1933a7c13fbc4fe65b713f87179a6316 100644 (file)
--- a/test/ruby/test_fnmatch.rb
+++ b/test/ruby/test_fnmatch.rb
@@ -129,4 +129,10 @@ class TestFnmatch < Test::Unit::TestCase
     assert_file.fnmatch("[a-\u3042]*", "\u3042")
     assert_file.not_fnmatch("[a-\u3042]*", "\u3043")
   end
+
+  def test_nullchar
+    assert_raise(ArgumentError) {
+      File.fnmatch("a\0z", "a")
+    }
+  end
 end