From 50b85f6b1b5f90c25355706c303480aead36f5ea Mon Sep 17 00:00:00 2001 From: Jean Boussier Date: Mon, 15 Nov 2021 11:37:40 +0100 Subject: [PATCH] [PATCH] `Date._(nil)` should return an empty Hash Fix: https://github.com/ruby/date/issues/39 This is how versions previous to 3.2.1 behaved and Active Support currently rely on this behavior. https://github.com/rails/rails/blob/90357af08048ef5076730505f6e7b14a81f33d0c/activesupport/lib/active_support/values/time_zone.rb#L383-L384 Any Rails application upgrading to date `3.2.1` might run into unexpected errors. Gbp-Pq: Name CVE-2021-41817-followup.patch --- ext/date/date_core.c | 3 +++ test/date/test_date_parse.rb | 42 ++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/ext/date/date_core.c b/ext/date/date_core.c index aa0dc4e..e9add05 100644 --- a/ext/date/date_core.c +++ b/ext/date/date_core.c @@ -4305,6 +4305,9 @@ get_limit(VALUE opt) static void check_limit(VALUE str, VALUE opt) { + if (NIL_P(str)) return; + if (SYMBOL_P(str)) str = rb_sym2str(str); + StringValue(str); size_t slen = RSTRING_LEN(str); size_t limit = get_limit(opt); diff --git a/test/date/test_date_parse.rb b/test/date/test_date_parse.rb index ee53431..330ba9f 100644 --- a/test/date/test_date_parse.rb +++ b/test/date/test_date_parse.rb @@ -824,6 +824,13 @@ class TestDateParse < Test::Unit::TestCase h = Date._iso8601('') assert_equal({}, h) + + h = Date._iso8601(nil) + assert_equal({}, h) + + h = Date._iso8601('01-02-03T04:05:06Z'.to_sym) + assert_equal([2001, 2, 3, 4, 5, 6, 0], + h.values_at(:year, :mon, :mday, :hour, :min, :sec, :offset)) end def test__rfc3339 @@ -839,6 +846,13 @@ class TestDateParse < Test::Unit::TestCase h = Date._rfc3339('') assert_equal({}, h) + + h = Date._rfc3339(nil) + assert_equal({}, h) + + h = Date._rfc3339('2001-02-03T04:05:06Z'.to_sym) + assert_equal([2001, 2, 3, 4, 5, 6, 0], + h.values_at(:year, :mon, :mday, :hour, :min, :sec, :offset)) end def test__xmlschema @@ -921,6 +935,13 @@ class TestDateParse < Test::Unit::TestCase h = Date._xmlschema('') assert_equal({}, h) + + h = Date._xmlschema(nil) + assert_equal({}, h) + + h = Date._xmlschema('2001-02-03'.to_sym) + assert_equal([2001, 2, 3, nil, nil, nil, nil], + h.values_at(:year, :mon, :mday, :hour, :min, :sec, :offset)) end def test__rfc2822 @@ -953,6 +974,13 @@ class TestDateParse < Test::Unit::TestCase h = Date._rfc2822('') assert_equal({}, h) + + h = Date._rfc2822(nil) + assert_equal({}, h) + + h = Date._rfc2822('Sat, 3 Feb 2001 04:05:06 UT'.to_sym) + assert_equal([2001, 2, 3, 4, 5, 6, 0], + h.values_at(:year, :mon, :mday, :hour, :min, :sec, :offset)) end def test__httpdate @@ -973,6 +1001,13 @@ class TestDateParse < Test::Unit::TestCase h = Date._httpdate('') assert_equal({}, h) + + h = Date._httpdate(nil) + assert_equal({}, h) + + h = Date._httpdate('Sat, 03 Feb 2001 04:05:06 GMT'.to_sym) + assert_equal([2001, 2, 3, 4, 5, 6, 0], + h.values_at(:year, :mon, :mday, :hour, :min, :sec, :offset)) end def test__jisx0301 @@ -1001,6 +1036,13 @@ class TestDateParse < Test::Unit::TestCase h = Date._jisx0301('') assert_equal({}, h) + + h = Date._jisx0301(nil) + assert_equal({}, h) + + h = Date._jisx0301('H13.02.03T04:05:06.07+0100'.to_sym) + assert_equal([2001, 2, 3, 4, 5, 6, 3600], + h.values_at(:year, :mon, :mday, :hour, :min, :sec, :offset)) end def test_iso8601 -- 2.30.2