From f407b4fbc80311c6ebe46a1357672c6abd81ebd6 Mon Sep 17 00:00:00 2001 From: Antonio Terceiro Date: Sun, 15 Dec 2019 16:28:25 +0000 Subject: [PATCH] debian-changes This patch file represents the entire difference between the package as shipped by Debian and the official upstream sources. The goal is to maintain this file as small as possible, avoiding non-upstreamed patches at all costs. The Debian packaging is maintained in the following Git repository: http://anonscm.debian.org/gitweb/?p=collab-maint/ruby.git To obtain a view of the individual commits that affect non-Debian-specific files, you can clone that repository, and from the master branch, run: $ ./debian/upstream-changes Gbp-Pq: Name debian-changes --- configure.in | 2 +- dir.c | 22 +- ext/bigdecimal/bigdecimal.gemspec | 3 +- ext/io/console/io-console.gemspec | 3 +- ext/json/generator/generator.c | 12 +- ext/json/generator/generator.h | 1 - ext/json/json.gemspec | 1 + ext/json/lib/json/version.rb | 2 +- ext/openssl/ossl_asn1.c | 13 +- ext/openssl/ossl_cipher.c | 22 +- ext/openssl/ossl_x509name.c | 2 +- ext/socket/unixsocket.c | 24 +- lib/mkmf.rb | 2 +- lib/net/ftp.rb | 10 +- lib/net/smtp.rb | 9 + lib/rdoc/generator/json_index.rb | 4 +- lib/rdoc/rdoc.gemspec | 1 + lib/rdoc/rdoc.rb | 2 +- lib/resolv.rb | 2 +- lib/rubygems.rb | 5 +- lib/rubygems/commands/owner_command.rb | 2 +- lib/rubygems/commands/query_command.rb | 5 +- lib/rubygems/config_file.rb | 2 +- lib/rubygems/installer.rb | 7 + lib/rubygems/package.rb | 39 ++- lib/rubygems/package/old.rb | 2 +- lib/rubygems/package/tar_header.rb | 23 +- lib/rubygems/package/tar_writer.rb | 2 + lib/rubygems/remote_fetcher.rb | 2 +- lib/rubygems/safe_yaml.rb | 48 ++++ lib/rubygems/server.rb | 14 +- lib/rubygems/specification.rb | 33 ++- lib/rubygems/text.rb | 15 +- lib/tmpdir.rb | 2 + lib/webrick/httpauth/digestauth.rb | 8 +- lib/webrick/httprequest.rb | 23 +- lib/webrick/httpresponse.rb | 95 +++++-- lib/webrick/httpserver.rb | 4 +- lib/webrick/httpservlet/cgihandler.rb | 4 +- lib/webrick/httpservlet/filehandler.rb | 65 +++-- lib/webrick/httpstatus.rb | 4 - lib/webrick/log.rb | 4 +- pack.c | 21 +- sprintf.c | 37 ++- test/excludes/Rinda/TestRingFinger.rb | 3 + test/excludes/Rinda/TestRingServer.rb | 3 + test/excludes/TestProcess.rb | 5 + test/excludes/TestRefinement.rb | 2 + test/excludes/TestTimeTZ.rb | 4 + test/net/ftp/test_ftp.rb | 252 ++++++++++++++++++ test/net/imap/cacert.pem | 86 ++---- test/net/imap/server.crt | 110 +++++--- test/net/imap/server.key | 43 +-- test/net/smtp/test_smtp.rb | 47 ++++ test/openssl/test_asn1.rb | 23 ++ test/openssl/test_cipher.rb | 29 +- test/openssl/test_x509name.rb | 14 +- test/ruby/test_array.rb | 3 +- test/ruby/test_dir.rb | 5 + test/ruby/test_file_exhaustive.rb | 2 +- test/ruby/test_gc.rb | 4 +- test/ruby/test_pack.rb | 26 ++ test/ruby/test_sprintf.rb | 52 ++++ test/ruby/test_time_tz.rb | 51 +++- .../test_gem_commands_owner_command.rb | 25 ++ .../test_gem_commands_query_command.rb | 80 ++++++ test/rubygems/test_gem_installer.rb | 20 ++ test/rubygems/test_gem_package.rb | 74 ++++- test/rubygems/test_gem_package_tar_header.rb | 21 ++ test/rubygems/test_gem_remote_fetcher.rb | 15 ++ test/rubygems/test_gem_server.rb | 165 ++++++++++++ test/rubygems/test_gem_specification.rb | 49 +++- test/rubygems/test_gem_text.rb | 11 + test/socket/test_unix.rb | 10 + test/test_tempfile.rb | 28 +- test/test_tmpdir.rb | 17 ++ test/webrick/test_filehandler.rb | 31 ++- test/webrick/test_httpauth.rb | 126 ++++++++- test/webrick/test_httpresponse.rb | 55 ++++ test/webrick/test_httpserver.rb | 92 +++++++ thread_pthread.c | 16 +- 81 files changed, 1870 insertions(+), 332 deletions(-) create mode 100644 lib/rubygems/safe_yaml.rb create mode 100644 test/excludes/Rinda/TestRingFinger.rb create mode 100644 test/excludes/Rinda/TestRingServer.rb create mode 100644 test/excludes/TestProcess.rb create mode 100644 test/excludes/TestRefinement.rb create mode 100644 test/excludes/TestTimeTZ.rb diff --git a/configure.in b/configure.in index 29b63c2..cc1001f 100644 --- a/configure.in +++ b/configure.in @@ -3686,7 +3686,7 @@ AS_CASE("$enable_shared", [yes], [ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so' ], [linux* | gnu* | k*bsd*-gnu | atheos* | kopensolaris*-gnu | haiku*], [ - LIBRUBY_DLDFLAGS='-Wl,-soname,lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR)'" $LDFLAGS_OPTDIR" + LIBRUBY_DLDFLAGS='-Wl,-soname,lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR)'" $LDFLAGS $LDFLAGS_OPTDIR" LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so' if test "$load_relative" = yes; then libprefix="'\$\${ORIGIN}/../${libdir_basename}'" diff --git a/dir.c b/dir.c index 6a63172..ed72b76 100644 --- a/dir.c +++ b/dir.c @@ -449,15 +449,6 @@ static const rb_data_type_t dir_data_type = { static VALUE dir_close(VALUE); -#define GlobPathValue(str, safe) \ - /* can contain null bytes as separators */ \ - (!RB_TYPE_P((str), T_STRING) ? \ - (void)FilePathValue(str) : \ - (void)(check_safe_glob((str), (safe)), \ - check_glob_encoding(str), (str))) -#define check_safe_glob(str, safe) ((safe) ? rb_check_safe_obj(str) : (void)0) -#define check_glob_encoding(str) rb_enc_check((str), rb_enc_from_encoding(rb_usascii_encoding())) - static VALUE dir_s_alloc(VALUE klass) { @@ -506,7 +497,7 @@ dir_initialize(int argc, VALUE *argv, VALUE dir) } } - GlobPathValue(dirname, FALSE); + FilePathValue(dirname); orig = rb_str_dup_frozen(dirname); dirname = rb_str_encode_ospath(dirname); dirname = rb_str_dup_frozen(dirname); @@ -2175,7 +2166,14 @@ rb_push_glob(VALUE str, int flags) /* '\0' is delimiter */ long offset = 0; VALUE ary; - GlobPathValue(str, TRUE); + /* can contain null bytes as separators */ + if (!RB_TYPE_P((str), T_STRING)) { + FilePathValue(str); + } + else { + rb_check_safe_obj(str); + rb_enc_check(str, rb_enc_from_encoding(rb_usascii_encoding())); + } ary = rb_ary_new(); while (offset < RSTRING_LEN(str)) { @@ -2205,7 +2203,7 @@ dir_globs(long argc, const VALUE *argv, int flags) for (i = 0; i < argc; ++i) { int status; VALUE str = argv[i]; - GlobPathValue(str, TRUE); + FilePathValue(str); status = push_glob(ary, str, flags); if (status) GLOB_JUMP_TAG(status); } diff --git a/ext/bigdecimal/bigdecimal.gemspec b/ext/bigdecimal/bigdecimal.gemspec index 1666325..9371d0b 100644 --- a/ext/bigdecimal/bigdecimal.gemspec +++ b/ext/bigdecimal/bigdecimal.gemspec @@ -1,11 +1,10 @@ # -*- ruby -*- _VERSION = "1.2.8" -date = %w$Date:: $[1] Gem::Specification.new do |s| s.name = "bigdecimal" s.version = _VERSION - s.date = date + s.date = RUBY_RELEASE_DATE s.license = 'ruby' s.summary = "Arbitrary-precision decimal floating-point number library." s.homepage = "http://www.ruby-lang.org" diff --git a/ext/io/console/io-console.gemspec b/ext/io/console/io-console.gemspec index 2c5ce6b..6251477 100644 --- a/ext/io/console/io-console.gemspec +++ b/ext/io/console/io-console.gemspec @@ -1,11 +1,10 @@ # -*- ruby -*- _VERSION = "0.4.5" -date = %w$Date:: $[1] Gem::Specification.new do |s| s.name = "io-console" s.version = _VERSION - s.date = date + s.date = RUBY_RELEASE_DATE s.summary = "Console interface" s.email = "nobu@ruby-lang.org" s.description = "add console capabilities to IO instances." diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c index a135e28..2cdca56 100644 --- a/ext/json/generator/generator.c +++ b/ext/json/generator/generator.c @@ -301,7 +301,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { char *result; if (len <= 0) return NULL; result = ALLOC_N(char, len); - memccpy(result, ptr, 0, len); + memcpy(result, ptr, len); return result; } @@ -1055,7 +1055,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) } } else { if (state->indent) ruby_xfree(state->indent); - state->indent = strdup(RSTRING_PTR(indent)); + state->indent = fstrndup(RSTRING_PTR(indent), len); state->indent_len = len; } return Qnil; @@ -1093,7 +1093,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) } } else { if (state->space) ruby_xfree(state->space); - state->space = strdup(RSTRING_PTR(space)); + state->space = fstrndup(RSTRING_PTR(space), len); state->space_len = len; } return Qnil; @@ -1129,7 +1129,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) } } else { if (state->space_before) ruby_xfree(state->space_before); - state->space_before = strdup(RSTRING_PTR(space_before)); + state->space_before = fstrndup(RSTRING_PTR(space_before), len); state->space_before_len = len; } return Qnil; @@ -1166,7 +1166,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) } } else { if (state->object_nl) ruby_xfree(state->object_nl); - state->object_nl = strdup(RSTRING_PTR(object_nl)); + state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); state->object_nl_len = len; } return Qnil; @@ -1201,7 +1201,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) } } else { if (state->array_nl) ruby_xfree(state->array_nl); - state->array_nl = strdup(RSTRING_PTR(array_nl)); + state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); state->array_nl_len = len; } return Qnil; diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h index 298c0a4..6bbf817 100644 --- a/ext/json/generator/generator.h +++ b/ext/json/generator/generator.h @@ -1,7 +1,6 @@ #ifndef _GENERATOR_H_ #define _GENERATOR_H_ -#include #include #include diff --git a/ext/json/json.gemspec b/ext/json/json.gemspec index 9fb6fa1..f52da67 100644 --- a/ext/json/json.gemspec +++ b/ext/json/json.gemspec @@ -1,6 +1,7 @@ Gem::Specification.new do |s| s.name = "json" s.version = "1.8.3" + s.date = RUBY_RELEASE_DATE s.summary = "This json is bundled with Ruby" s.executables = [] s.files = ["json.rb", "json/add/bigdecimal.rb", "json/add/complex.rb", "json/add/core.rb", "json/add/date.rb", "json/add/date_time.rb", "json/add/exception.rb", "json/add/ostruct.rb", "json/add/range.rb", "json/add/rational.rb", "json/add/regexp.rb", "json/add/struct.rb", "json/add/symbol.rb", "json/add/time.rb", "json/common.rb", "json/ext.rb", "json/ext/generator.bundle", "json/ext/parser.bundle", "json/generic_object.rb", "json/version.rb"] diff --git a/ext/json/lib/json/version.rb b/ext/json/lib/json/version.rb index b574833..cd7ddf8 100644 --- a/ext/json/lib/json/version.rb +++ b/ext/json/lib/json/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false module JSON # JSON version - VERSION = '1.8.3' + VERSION = '1.8.3.1' VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc: VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc: VERSION_MINOR = VERSION_ARRAY[1] # :nodoc: diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 89da594..4444401 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -870,19 +870,18 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length, { VALUE value, asn1data, ary; int infinite; - long off = *offset; + long available_len, off = *offset; infinite = (j == 0x21); ary = rb_ary_new(); - while (length > 0 || infinite) { + available_len = infinite ? max_len : length; + while (available_len > 0) { long inner_read = 0; - value = ossl_asn1_decode0(pp, max_len, &off, depth + 1, yield, &inner_read); + value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read); *num_read += inner_read; - max_len -= inner_read; + available_len -= inner_read; rb_ary_push(ary, value); - if (length > 0) - length -= inner_read; if (infinite && NUM2INT(ossl_asn1_get_tag(value)) == V_ASN1_EOC && @@ -973,7 +972,7 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth, if(j & V_ASN1_CONSTRUCTED) { *pp += hlen; off += hlen; - asn1data = int_ossl_asn1_decode0_cons(pp, length, len, &off, depth, yield, j, tag, tag_class, &inner_read); + asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read); inner_read += hlen; } else { diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 09b021d..24b8467 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -34,6 +34,7 @@ */ VALUE cCipher; VALUE eCipherError; +static ID id_key_set; static VALUE ossl_cipher_alloc(VALUE klass); static void ossl_cipher_free(void *ptr); @@ -114,7 +115,6 @@ ossl_cipher_initialize(VALUE self, VALUE str) EVP_CIPHER_CTX *ctx; const EVP_CIPHER *cipher; char *name; - unsigned char key[EVP_MAX_KEY_LENGTH]; name = StringValuePtr(str); GetCipherInit(self, ctx); @@ -126,14 +126,7 @@ ossl_cipher_initialize(VALUE self, VALUE str) if (!(cipher = EVP_get_cipherbyname(name))) { ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name); } - /* - * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows - * uninitialized key, but other EVPs (such as AES) does not allow it. - * Calling EVP_CipherUpdate() without initializing key causes SEGV so we - * set the data filled with "\0" as the key by default. - */ - memset(key, 0, EVP_MAX_KEY_LENGTH); - if (EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return self; @@ -252,6 +245,9 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode) ossl_raise(eCipherError, NULL); } + if (p_key) + rb_ivar_set(self, id_key_set, Qtrue); + return self; } @@ -338,6 +334,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self) OPENSSL_cleanse(key, sizeof key); OPENSSL_cleanse(iv, sizeof iv); + rb_ivar_set(self, id_key_set, Qtrue); + return Qnil; } @@ -390,6 +388,8 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self) VALUE data, str; rb_scan_args(argc, argv, "11", &data, &str); + if (!RTEST(rb_attr_get(self, id_key_set))) + ossl_raise(eCipherError, "key not set"); StringValue(data); in = (unsigned char *)RSTRING_PTR(data); @@ -490,6 +490,8 @@ ossl_cipher_set_key(VALUE self, VALUE key) if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1) ossl_raise(eCipherError, NULL); + rb_ivar_set(self, id_key_set, Qtrue); + return key; } @@ -1008,4 +1010,6 @@ Init_ossl_cipher(void) rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0); rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0); rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1); + + id_key_set = rb_intern_const("key_set"); } diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index a0e28e2..d4e85a8 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -339,7 +339,7 @@ ossl_x509name_cmp(VALUE self, VALUE other) result = ossl_x509name_cmp0(self, other); if (result < 0) return INT2FIX(-1); - if (result > 1) return INT2FIX(1); + if (result > 0) return INT2FIX(1); return INT2FIX(0); } diff --git a/ext/socket/unixsocket.c b/ext/socket/unixsocket.c index f73f127..b92d9be 100644 --- a/ext/socket/unixsocket.c +++ b/ext/socket/unixsocket.c @@ -25,6 +25,28 @@ unixsock_connect_internal(VALUE a) arg->sockaddrlen, 0); } +static VALUE +unixsock_path_value(VALUE path) +{ +#ifdef __linux__ +#define TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE 0 + + VALUE name = path; +#if TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE + const int isstr = !NIL_P(name = rb_check_string_type(name)); +#else + const int isstr = RB_TYPE_P(name, T_STRING); +#endif + if (isstr) { + if (RSTRING_LEN(name) == 0 || RSTRING_PTR(name)[0] == '\0') { + rb_check_safe_obj(name); + return name; /* ignore encoding */ + } + } +#endif + return rb_get_path(path); +} + VALUE rsock_init_unixsock(VALUE sock, VALUE path, int server) { @@ -33,7 +55,7 @@ rsock_init_unixsock(VALUE sock, VALUE path, int server) int fd, status; rb_io_t *fptr; - SafeStringValue(path); + path = unixsock_path_value(path); INIT_SOCKADDR_UN(&sockaddr, sizeof(struct sockaddr_un)); if (sizeof(sockaddr.sun_path) < (size_t)RSTRING_LEN(path)) { diff --git a/lib/mkmf.rb b/lib/mkmf.rb index 3181b05..2502476 100644 --- a/lib/mkmf.rb +++ b/lib/mkmf.rb @@ -2275,7 +2275,7 @@ LOCAL_LIBS = #{$LOCAL_LIBS} LIBS = #{$LIBRUBYARG} #{$libs} #{$LIBS} ORIG_SRCS = #{orig_srcs.collect(&File.method(:basename)).join(' ')} SRCS = $(ORIG_SRCS) #{(srcs - orig_srcs).collect(&File.method(:basename)).join(' ')} -OBJS = #{$objs.join(" ")} +OBJS = #{$objs.sort.join(" ")} HDRS = #{hdrs.map{|h| '$(srcdir)/' + File.basename(h)}.join(' ')} TARGET = #{target} TARGET_NAME = #{target && target[/\A\w+/]} diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb index bd89956..0437e95 100644 --- a/lib/net/ftp.rb +++ b/lib/net/ftp.rb @@ -622,10 +622,10 @@ module Net if localfile if @resume rest_offset = File.size?(localfile) - f = open(localfile, "a") + f = File.open(localfile, "a") else rest_offset = nil - f = open(localfile, "w") + f = File.open(localfile, "w") end elsif !block_given? result = String.new @@ -655,7 +655,7 @@ module Net f = nil result = nil if localfile - f = open(localfile, "w") + f = File.open(localfile, "w") elsif !block_given? result = String.new end @@ -701,7 +701,7 @@ module Net else rest_offset = nil end - f = open(localfile) + f = File.open(localfile) begin f.binmode if rest_offset @@ -720,7 +720,7 @@ module Net # passing in the transmitted data one line at a time. # def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line - f = open(localfile) + f = File.open(localfile) begin storlines("STOR #{remotefile}", f, &block) ensure diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb index d634274..78f2181 100644 --- a/lib/net/smtp.rb +++ b/lib/net/smtp.rb @@ -926,7 +926,15 @@ module Net private + def validate_line(line) + # A bare CR or LF is not allowed in RFC5321. + if /[\r\n]/ =~ line + raise ArgumentError, "A line must not contain CR or LF" + end + end + def getok(reqline) + validate_line reqline res = critical { @socket.writeline reqline recv_response() @@ -936,6 +944,7 @@ module Net end def get_response(reqline) + validate_line reqline @socket.writeline reqline recv_response() end diff --git a/lib/rdoc/generator/json_index.rb b/lib/rdoc/generator/json_index.rb index 624a2e5..103a938 100644 --- a/lib/rdoc/generator/json_index.rb +++ b/lib/rdoc/generator/json_index.rb @@ -175,7 +175,7 @@ class RDoc::Generator::JsonIndex debug_msg "Writing gzipped search index to %s" % outfile Zlib::GzipWriter.open(outfile) do |gz| - gz.mtime = File.mtime(search_index_file) + gz.mtime = -1 gz.orig_name = search_index_file.basename.to_s gz.write search_index gz.close @@ -193,7 +193,7 @@ class RDoc::Generator::JsonIndex debug_msg "Writing gzipped file to %s" % outfile Zlib::GzipWriter.open(outfile) do |gz| - gz.mtime = File.mtime(dest) + gz.mtime = -1 gz.orig_name = dest.basename.to_s gz.write data gz.close diff --git a/lib/rdoc/rdoc.gemspec b/lib/rdoc/rdoc.gemspec index e1631e2..273d867 100644 --- a/lib/rdoc/rdoc.gemspec +++ b/lib/rdoc/rdoc.gemspec @@ -1,6 +1,7 @@ Gem::Specification.new do |s| s.name = "rdoc" s.version = "4.2.1" + s.date = RUBY_RELEASE_DATE s.summary = "This rdoc is bundled with Ruby" s.executables = ["rdoc", "ri"] s.files = ["rdoc.rb", "rdoc/alias.rb", "rdoc/anon_class.rb", "rdoc/any_method.rb", "rdoc/attr.rb", "rdoc/class_module.rb", "rdoc/code_object.rb", "rdoc/code_objects.rb", "rdoc/comment.rb", "rdoc/constant.rb", "rdoc/context.rb", "rdoc/context/section.rb", "rdoc/cross_reference.rb", "rdoc/encoding.rb", "rdoc/erb_partial.rb", "rdoc/erbio.rb", "rdoc/extend.rb", "rdoc/generator.rb", "rdoc/generator/darkfish.rb", "rdoc/generator/json_index.rb", "rdoc/generator/markup.rb", "rdoc/generator/pot.rb", "rdoc/generator/pot/message_extractor.rb", "rdoc/generator/pot/po.rb", "rdoc/generator/pot/po_entry.rb", "rdoc/generator/ri.rb", "rdoc/ghost_method.rb", "rdoc/i18n.rb", "rdoc/i18n/locale.rb", "rdoc/i18n/text.rb", "rdoc/include.rb", "rdoc/known_classes.rb", "rdoc/markdown.rb", "rdoc/markdown/entities.rb", "rdoc/markdown/literals_1_9.rb", "rdoc/markup.rb", "rdoc/markup/attr_changer.rb", "rdoc/markup/attr_span.rb", "rdoc/markup/attribute_manager.rb", "rdoc/markup/attributes.rb", "rdoc/markup/blank_line.rb", "rdoc/markup/block_quote.rb", "rdoc/markup/document.rb", "rdoc/markup/formatter.rb", "rdoc/markup/formatter_test_case.rb", "rdoc/markup/hard_break.rb", "rdoc/markup/heading.rb", "rdoc/markup/include.rb", "rdoc/markup/indented_paragraph.rb", "rdoc/markup/inline.rb", "rdoc/markup/list.rb", "rdoc/markup/list_item.rb", "rdoc/markup/paragraph.rb", "rdoc/markup/parser.rb", "rdoc/markup/pre_process.rb", "rdoc/markup/raw.rb", "rdoc/markup/rule.rb", "rdoc/markup/special.rb", "rdoc/markup/text_formatter_test_case.rb", "rdoc/markup/to_ansi.rb", "rdoc/markup/to_bs.rb", "rdoc/markup/to_html.rb", "rdoc/markup/to_html_crossref.rb", "rdoc/markup/to_html_snippet.rb", "rdoc/markup/to_joined_paragraph.rb", "rdoc/markup/to_label.rb", "rdoc/markup/to_markdown.rb", "rdoc/markup/to_rdoc.rb", "rdoc/markup/to_table_of_contents.rb", "rdoc/markup/to_test.rb", "rdoc/markup/to_tt_only.rb", "rdoc/markup/verbatim.rb", "rdoc/meta_method.rb", "rdoc/method_attr.rb", "rdoc/mixin.rb", "rdoc/normal_class.rb", "rdoc/normal_module.rb", "rdoc/options.rb", "rdoc/parser.rb", "rdoc/parser/c.rb", "rdoc/parser/changelog.rb", "rdoc/parser/markdown.rb", "rdoc/parser/rd.rb", "rdoc/parser/ruby.rb", "rdoc/parser/ruby_tools.rb", "rdoc/parser/simple.rb", "rdoc/parser/text.rb", "rdoc/rd.rb", "rdoc/rd/block_parser.rb", "rdoc/rd/inline.rb", "rdoc/rd/inline_parser.rb", "rdoc/rdoc.rb", "rdoc/require.rb", "rdoc/ri.rb", "rdoc/ri/driver.rb", "rdoc/ri/formatter.rb", "rdoc/ri/paths.rb", "rdoc/ri/store.rb", "rdoc/ri/task.rb", "rdoc/ruby_lex.rb", "rdoc/ruby_token.rb", "rdoc/rubygems_hook.rb", "rdoc/servlet.rb", "rdoc/single_class.rb", "rdoc/stats.rb", "rdoc/stats/normal.rb", "rdoc/stats/quiet.rb", "rdoc/stats/verbose.rb", "rdoc/store.rb", "rdoc/task.rb", "rdoc/test_case.rb", "rdoc/text.rb", "rdoc/token_stream.rb", "rdoc/tom_doc.rb", "rdoc/top_level.rb"] diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb index 7c5d34e..4b74646 100644 --- a/lib/rdoc/rdoc.rb +++ b/lib/rdoc/rdoc.rb @@ -321,7 +321,7 @@ option) end end - file_list.flatten + file_list.flatten.sort end ## diff --git a/lib/resolv.rb b/lib/resolv.rb index 9a981b9..7cc93a3 100644 --- a/lib/resolv.rb +++ b/lib/resolv.rb @@ -189,7 +189,7 @@ class Resolv unless @initialized @name2addr = {} @addr2name = {} - open(@filename, 'rb') {|f| + File.open(@filename, 'rb') {|f| f.each {|line| line.sub!(/#.*/, '') addr, hostname, *aliases = line.split(/\s+/) diff --git a/lib/rubygems.rb b/lib/rubygems.rb index 04031c7..3528a15 100644 --- a/lib/rubygems.rb +++ b/lib/rubygems.rb @@ -10,7 +10,7 @@ require 'rbconfig' require 'thread' module Gem - VERSION = '2.5.2' + VERSION = '2.5.2.1' end # Must be first since it unloads the prelude from 1.9.2 @@ -602,7 +602,7 @@ module Gem unless test_syck begin - gem 'psych', '>= 1.2.1' + gem 'psych', '>= 2.0.0' rescue Gem::LoadError # It's OK if the user does not have the psych gem installed. We will # attempt to require the stdlib version @@ -626,6 +626,7 @@ module Gem end require 'yaml' + require 'rubygems/safe_yaml' # If we're supposed to be using syck, then we may have to force # activate it via the YAML::ENGINE API. diff --git a/lib/rubygems/commands/owner_command.rb b/lib/rubygems/commands/owner_command.rb index e507c98..62780f3 100644 --- a/lib/rubygems/commands/owner_command.rb +++ b/lib/rubygems/commands/owner_command.rb @@ -62,7 +62,7 @@ permission to. end with_response response do |resp| - owners = YAML.load resp.body + owners = Gem::SafeYAML.load resp.body say "Owners for gem: #{name}" owners.each do |owner| diff --git a/lib/rubygems/commands/query_command.rb b/lib/rubygems/commands/query_command.rb index d6196b4..61e9808 100644 --- a/lib/rubygems/commands/query_command.rb +++ b/lib/rubygems/commands/query_command.rb @@ -226,7 +226,7 @@ is too hard to use. end end - output << make_entry(matching_tuples, platforms) + output << clean_text(make_entry(matching_tuples, platforms)) end end @@ -344,7 +344,8 @@ is too hard to use. end def spec_summary entry, spec - entry << "\n\n" << format_text(spec.summary, 68, 4) + summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") + entry << "\n\n" << format_text(summary, 68, 4) end end diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb index de90cbf..2bcd830 100644 --- a/lib/rubygems/config_file.rb +++ b/lib/rubygems/config_file.rb @@ -332,7 +332,7 @@ if you believe they were disclosed to a third party. return {} unless filename and File.exist? filename begin - content = YAML.load(File.read(filename)) + content = Gem::SafeYAML.load(File.read(filename)) unless content.kind_of? Hash warn "Failed to load #{filename} because it doesn't contain valid YAML hash" return {} diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb index 85358e0..709b77d 100644 --- a/lib/rubygems/installer.rb +++ b/lib/rubygems/installer.rb @@ -693,6 +693,11 @@ class Gem::Installer unpack or File.writable?(gem_home) end + def verify_spec_name + return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN + raise Gem::InstallError, "#{spec} has an invalid name" + end + ## # Return the text for an application file. @@ -812,6 +817,8 @@ TEXT ensure_loadable_spec + verify_spec_name + if options[:install_as_default] Gem.ensure_default_gem_subdirectories gem_home else diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb index 0d9adba..9305482 100644 --- a/lib/rubygems/package.rb +++ b/lib/rubygems/package.rb @@ -376,7 +376,7 @@ EOM File.dirname destination end - FileUtils.mkdir_p mkdir, mkdir_options + mkdir_p_safe mkdir, mkdir_options, destination_dir, entry.full_name open destination, 'wb' do |out| out.write entry.read @@ -414,20 +414,35 @@ EOM raise Gem::Package::PathError.new(filename, destination_dir) if filename.start_with? '/' - destination_dir = File.realpath destination_dir if - File.respond_to? :realpath + destination_dir = realpath destination_dir destination_dir = File.expand_path destination_dir destination = File.join destination_dir, filename destination = File.expand_path destination raise Gem::Package::PathError.new(destination, destination_dir) unless - destination.start_with? destination_dir + destination.start_with? destination_dir + '/' destination.untaint destination end + def mkdir_p_safe mkdir, mkdir_options, destination_dir, file_name + destination_dir = realpath File.expand_path(destination_dir) + parts = mkdir.split(File::SEPARATOR) + parts.reduce do |path, basename| + path = realpath path unless path == "" + path = File.expand_path(path + File::SEPARATOR + basename) + lstat = File.lstat path rescue nil + if !lstat || !lstat.directory? + unless path.start_with? destination_dir and (FileUtils.mkdir path, mkdir_options rescue false) + raise Gem::Package::PathError.new(file_name, destination_dir) + end + end + path + end + end + ## # Loads a Gem::Specification from the TarEntry +entry+ @@ -466,7 +481,7 @@ EOM @checksums = gem.seek 'checksums.yaml.gz' do |entry| Zlib::GzipReader.wrap entry do |gz_io| - YAML.load gz_io.read + Gem::SafeYAML.safe_load gz_io.read end end end @@ -601,6 +616,10 @@ EOM raise Gem::Package::FormatError.new \ 'package content (data.tar.gz) is missing', @gem end + + if duplicates = @files.group_by {|f| f }.select {|k,v| v.size > 1 }.map(&:first) and duplicates.any? + raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(', ')})" + end end ## @@ -614,6 +633,16 @@ EOM raise Gem::Package::FormatError.new(e.message, entry.full_name) end + if File.respond_to? :realpath + def realpath file + File.realpath file + end + else + def realpath file + file + end + end + end require 'rubygems/package/digest_io' diff --git a/lib/rubygems/package/old.rb b/lib/rubygems/package/old.rb index 5e722ba..071f714 100644 --- a/lib/rubygems/package/old.rb +++ b/lib/rubygems/package/old.rb @@ -101,7 +101,7 @@ class Gem::Package::Old < Gem::Package header << line end - YAML.load header + Gem::SafeYAML.safe_load header end ## diff --git a/lib/rubygems/package/tar_header.rb b/lib/rubygems/package/tar_header.rb index c54bd14..d557357 100644 --- a/lib/rubygems/package/tar_header.rb +++ b/lib/rubygems/package/tar_header.rb @@ -104,25 +104,30 @@ class Gem::Package::TarHeader fields = header.unpack UNPACK_FORMAT new :name => fields.shift, - :mode => fields.shift.oct, - :uid => fields.shift.oct, - :gid => fields.shift.oct, - :size => fields.shift.oct, - :mtime => fields.shift.oct, - :checksum => fields.shift.oct, + :mode => strict_oct(fields.shift), + :uid => strict_oct(fields.shift), + :gid => strict_oct(fields.shift), + :size => strict_oct(fields.shift), + :mtime => strict_oct(fields.shift), + :checksum => strict_oct(fields.shift), :typeflag => fields.shift, :linkname => fields.shift, :magic => fields.shift, - :version => fields.shift.oct, + :version => strict_oct(fields.shift), :uname => fields.shift, :gname => fields.shift, - :devmajor => fields.shift.oct, - :devminor => fields.shift.oct, + :devmajor => strict_oct(fields.shift), + :devminor => strict_oct(fields.shift), :prefix => fields.shift, :empty => empty end + def self.strict_oct(str) + return str.oct if str =~ /\A[0-7]*\z/ + raise ArgumentError, "#{str.inspect} is not an octal string" + end + ## # Creates a new TarHeader using +vals+ diff --git a/lib/rubygems/package/tar_writer.rb b/lib/rubygems/package/tar_writer.rb index ab0313c..2c94c95 100644 --- a/lib/rubygems/package/tar_writer.rb +++ b/lib/rubygems/package/tar_writer.rb @@ -196,6 +196,8 @@ class Gem::Package::TarWriter digest_name == signer.digest_name end + raise "no #{signer.digest_name} in #{digests.values.compact}" unless signature_digest + if signer.key then signature = signer.sign signature_digest.digest diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb index fda1e06..254bebf 100644 --- a/lib/rubygems/remote_fetcher.rb +++ b/lib/rubygems/remote_fetcher.rb @@ -104,7 +104,7 @@ class Gem::RemoteFetcher else target = res.target.to_s.strip - if /\.#{Regexp.quote(host)}\z/ =~ target + if URI("http://" + target).host.end_with?(".#{host}") return URI.parse "#{uri.scheme}://#{target}#{uri.path}" end diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb new file mode 100644 index 0000000..b98cfaa --- /dev/null +++ b/lib/rubygems/safe_yaml.rb @@ -0,0 +1,48 @@ +module Gem + + ### + # This module is used for safely loading YAML specs from a gem. The + # `safe_load` method defined on this module is specifically designed for + # loading Gem specifications. For loading other YAML safely, please see + # Psych.safe_load + + module SafeYAML + WHITELISTED_CLASSES = %w( + Symbol + Time + Date + Gem::Dependency + Gem::Platform + Gem::Requirement + Gem::Specification + Gem::Version + Gem::Version::Requirement + YAML::Syck::DefaultKey + Syck::DefaultKey + ) + + WHITELISTED_SYMBOLS = %w( + development + runtime + ) + + if ::YAML.respond_to? :safe_load + def self.safe_load input + ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true) + end + + def self.load input + ::YAML.safe_load(input, [::Symbol]) + end + else + warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)." + def self.safe_load input, *args + ::YAML.load input + end + + def self.load input + ::YAML.load input + end + end + end +end diff --git a/lib/rubygems/server.rb b/lib/rubygems/server.rb index 8d6a96b..db3730b 100644 --- a/lib/rubygems/server.rb +++ b/lib/rubygems/server.rb @@ -626,6 +626,18 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; } executables = nil if executables.empty? executables.last["is_last"] = true if executables + # Pre-process spec homepage for safety reasons + begin + homepage_uri = URI.parse(spec.homepage) + if [URI::HTTP, URI::HTTPS].member? homepage_uri.class + homepage_uri = spec.homepage + else + homepage_uri = "." + end + rescue URI::InvalidURIError + homepage_uri = "." + end + specs << { "authors" => spec.authors.sort.join(", "), "date" => spec.date.to_s, @@ -635,7 +647,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; } "only_one_executable" => (executables && executables.size == 1), "full_name" => spec.full_name, "has_deps" => !deps.empty?, - "homepage" => spec.homepage, + "homepage" => homepage_uri, "name" => spec.name, "rdoc_installed" => Gem::RDoc.new(spec).rdoc_installed?, "ri_installed" => Gem::RDoc.new(spec).ri_installed?, diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb index 8e2557c..e7e5565 100644 --- a/lib/rubygems/specification.rb +++ b/lib/rubygems/specification.rb @@ -15,6 +15,7 @@ require 'rubygems/basic_specification' require 'rubygems/stub_specification' require 'rubygems/util/list' require 'stringio' +require 'uri' ## # The Specification class contains the information for a Gem. Typically @@ -108,6 +109,8 @@ class Gem::Specification < Gem::BasicSpecification private_constant :LOAD_CACHE if defined? private_constant + VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: + # :startdoc: ## @@ -1099,7 +1102,7 @@ class Gem::Specification < Gem::BasicSpecification Gem.load_yaml input = normalize_yaml_input input - spec = YAML.load input + spec = Gem::SafeYAML.safe_load input if spec && spec.class == FalseClass then raise Gem::EndOfYAMLException @@ -1754,7 +1757,9 @@ class Gem::Specification < Gem::BasicSpecification raise(Gem::InvalidSpecificationException, "invalid date format in specification: #{date.inspect}") end - when Time, DateLike then + when Time then + Time.utc(date.utc.year, date.utc.month, date.utc.day) + when DateLike then Time.utc(date.year, date.month, date.day) else TODAY @@ -2665,9 +2670,15 @@ class Gem::Specification < Gem::BasicSpecification end end - unless String === name then + if !name.is_a?(String) then + raise Gem::InvalidSpecificationException, + "invalid value for attribute name: \"#{name.inspect}\" must be a string" + elsif name !~ /[a-zA-Z]/ then raise Gem::InvalidSpecificationException, - "invalid value for attribute name: \"#{name.inspect}\"" + "invalid value for attribute name: #{name.dump} must include at least one letter" + elsif name !~ VALID_NAME_PATTERN then + raise Gem::InvalidSpecificationException, + "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" end if raw_require_paths.empty? then @@ -2799,10 +2810,16 @@ http://spdx.org/licenses or '#{Gem::Licenses::NONSTANDARD}' for a nonstandard li raise Gem::InvalidSpecificationException, "#{lazy} is not a summary" end - if homepage and not homepage.empty? and - homepage !~ /\A[a-z][a-z\d+.-]*:/i then - raise Gem::InvalidSpecificationException, - "\"#{homepage}\" is not a URI" + # Make sure a homepage is valid HTTP/HTTPS URI + if homepage and not homepage.empty? + begin + homepage_uri = URI.parse(homepage) + unless [URI::HTTP, URI::HTTPS].member? homepage_uri.class + raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI" + end + rescue URI::InvalidURIError + raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI" + end end # Warnings diff --git a/lib/rubygems/text.rb b/lib/rubygems/text.rb index 732f1b9..b944b62 100644 --- a/lib/rubygems/text.rb +++ b/lib/rubygems/text.rb @@ -6,13 +6,26 @@ require 'rubygems' module Gem::Text + ## + # Remove any non-printable characters and make the text suitable for + # printing. + def clean_text(text) + text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) + end + + def truncate_text(text, description, max_length = 100_000) + raise ArgumentError, "max_length must be positive" unless max_length > 0 + return text if text.size <= max_length + "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] + end + ## # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ # characters def format_text(text, wrap, indent=0) result = [] - work = text.dup + work = clean_text(text) while work.length > wrap do if work =~ /^(.{0,#{wrap}})[ \n]/ then diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index e4df93c..61eac3b 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -109,8 +109,10 @@ class Dir def make_tmpname((prefix, suffix), n) prefix = (String.try_convert(prefix) or raise ArgumentError, "unexpected prefix: #{prefix.inspect}") + prefix = prefix.delete("#{File::SEPARATOR}#{File::ALT_SEPARATOR}") suffix &&= (String.try_convert(suffix) or raise ArgumentError, "unexpected suffix: #{suffix.inspect}") + suffix &&= suffix.delete("#{File::SEPARATOR}#{File::ALT_SEPARATOR}") t = Time.now.strftime("%Y%m%d") path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}".dup path << "-#{n}" if n diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb index 018989e..415c94a 100644 --- a/lib/webrick/httpauth/digestauth.rb +++ b/lib/webrick/httpauth/digestauth.rb @@ -235,9 +235,11 @@ module WEBrick ha2 = hexdigest(req.request_method, auth_req['uri']) ha2_res = hexdigest("", auth_req['uri']) elsif auth_req['qop'] == "auth-int" - ha2 = hexdigest(req.request_method, auth_req['uri'], - hexdigest(req.body)) - ha2_res = hexdigest("", auth_req['uri'], hexdigest(res.body)) + body_digest = @h.new + req.body { |chunk| body_digest.update(chunk) } + body_digest = body_digest.hexdigest + ha2 = hexdigest(req.request_method, auth_req['uri'], body_digest) + ha2_res = hexdigest("", auth_req['uri'], body_digest) end if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int" diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb index 88cdec8..6fc85a4 100644 --- a/lib/webrick/httprequest.rb +++ b/lib/webrick/httprequest.rb @@ -414,9 +414,13 @@ module WEBrick MAX_URI_LENGTH = 2083 # :nodoc: + # same as Mongrel, Thin and Puma + MAX_HEADER_LENGTH = (112 * 1024) # :nodoc: + def read_request_line(socket) @request_line = read_line(socket, MAX_URI_LENGTH) if socket - if @request_line.bytesize >= MAX_URI_LENGTH and @request_line[-1, 1] != LF + @request_bytes = @request_line.bytesize + if @request_bytes >= MAX_URI_LENGTH and @request_line[-1, 1] != LF raise HTTPStatus::RequestURITooLarge end @request_time = Time.now @@ -435,6 +439,9 @@ module WEBrick if socket while line = read_line(socket) break if /\A(#{CRLF}|#{LF})\z/om =~ line + if (@request_bytes += line.bytesize) > MAX_HEADER_LENGTH + raise HTTPStatus::RequestEntityTooLarge, 'headers too large' + end @raw_header << line end end @@ -502,12 +509,16 @@ module WEBrick def read_chunked(socket, block) chunk_size, = read_chunk_size(socket) while chunk_size > 0 - data = read_data(socket, chunk_size) # read chunk-data - if data.nil? || data.bytesize != chunk_size - raise BadRequest, "bad chunk data size." - end + begin + sz = [ chunk_size, @buffer_size ].min + data = read_data(socket, sz) # read chunk-data + if data.nil? || data.bytesize != sz + raise HTTPStatus::BadRequest, "bad chunk data size." + end + block.call(data) + end while (chunk_size -= sz) > 0 + read_line(socket) # skip CRLF - block.call(data) chunk_size, = read_chunk_size(socket) end read_header(socket) # trailer + CRLF diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb index 5fd54b7..c120cae 100644 --- a/lib/webrick/httpresponse.rb +++ b/lib/webrick/httpresponse.rb @@ -21,6 +21,8 @@ module WEBrick # WEBrick HTTP Servlet. class HTTPResponse + class InvalidHeader < StandardError + end ## # HTTP Response version @@ -287,14 +289,19 @@ module WEBrick data = status_line() @header.each{|key, value| tmp = key.gsub(/\bwww|^te$|\b\w/){ $&.upcase } - data << "#{tmp}: #{value}" << CRLF + data << "#{tmp}: #{check_header(value)}" << CRLF } @cookies.each{|cookie| - data << "Set-Cookie: " << cookie.to_s << CRLF + data << "Set-Cookie: " << check_header(cookie.to_s) << CRLF } data << CRLF _write_data(socket, data) end + rescue InvalidHeader => e + @header.clear + @cookies.clear + set_error e + retry end ## @@ -303,6 +310,8 @@ module WEBrick def send_body(socket) # :nodoc: if @body.respond_to? :readpartial then send_body_io(socket) + elsif @body.respond_to?(:call) then + send_body_proc(socket) else send_body_string(socket) end @@ -352,6 +361,22 @@ module WEBrick host, port = @config[:ServerName], @config[:Port] end + error_body(backtrace, ex, host, port) + end + + private + + def check_header(header_value) + if header_value =~ /\r\n/ + raise InvalidHeader + else + header_value + end + end + + # :stopdoc: + + def error_body(backtrace, ex, host, port) @body = '' @body << <<-_end_of_html_ @@ -405,9 +430,20 @@ module WEBrick end _write_data(socket, "0#{CRLF}#{CRLF}") else - size = @header['content-length'].to_i - _send_file(socket, @body, 0, size) - @sent_size = size + if %r{\Abytes (\d+)-(\d+)/\d+\z} =~ @header['content-range'] + offset = $1.to_i + size = $2.to_i - offset + 1 + else + offset = nil + size = @header['content-length'] + size = size.to_i if size + end + begin + @sent_size = IO.copy_stream(@body, socket, size, offset) + rescue NotImplementedError + @body.seek(offset, IO::SEEK_SET) + @sent_size = IO.copy_stream(@body, socket, size) + end end ensure @body.close @@ -436,24 +472,41 @@ module WEBrick end end - def _send_file(output, input, offset, size) - while offset > 0 - sz = @buffer_size < size ? @buffer_size : size - buf = input.read(sz) - offset -= buf.bytesize + def send_body_proc(socket) + if @request_method == "HEAD" + # do nothing + elsif chunked? + @body.call(ChunkedWrapper.new(socket, self)) + _write_data(socket, "0#{CRLF}#{CRLF}") + else + size = @header['content-length'].to_i + @body.call(socket) + @sent_size = size end + end - if size == 0 - while buf = input.read(@buffer_size) - _write_data(output, buf) - end - else - while size > 0 - sz = @buffer_size < size ? @buffer_size : size - buf = input.read(sz) - _write_data(output, buf) - size -= buf.bytesize - end + class ChunkedWrapper + def initialize(socket, resp) + @socket = socket + @resp = resp + end + + def write(buf) + return 0 if buf.empty? + socket = @socket + @resp.instance_eval { + size = buf.bytesize + data = "#{size.to_s(16)}#{CRLF}#{buf}#{CRLF}" + _write_data(socket, data) + data.clear + @sent_size += size + size + } + end + + def <<(*buf) + write(buf) + self end end diff --git a/lib/webrick/httpserver.rb b/lib/webrick/httpserver.rb index b27f231..e46b3bd 100644 --- a/lib/webrick/httpserver.rb +++ b/lib/webrick/httpserver.rb @@ -267,12 +267,12 @@ module WEBrick k.sort! k.reverse! k.collect!{|path| Regexp.escape(path) } - @scanner = Regexp.new("^(" + k.join("|") +")(?=/|$)") + @scanner = Regexp.new("\\A(" + k.join("|") +")(?=/|\\z)") end def normalize(dir) ret = dir ? dir.dup : "" - ret.sub!(%r|/+$|, "") + ret.sub!(%r|/+\z|, "") ret end end diff --git a/lib/webrick/httpservlet/cgihandler.rb b/lib/webrick/httpservlet/cgihandler.rb index ba6b0b6..b1fb471 100644 --- a/lib/webrick/httpservlet/cgihandler.rb +++ b/lib/webrick/httpservlet/cgihandler.rb @@ -65,9 +65,7 @@ module WEBrick cgi_in.write("%8d" % dump.bytesize) cgi_in.write(dump) - if req.body and req.body.bytesize > 0 - cgi_in.write(req.body) - end + req.body { |chunk| cgi_in.write(chunk) } ensure cgi_in.close status = $?.exitstatus diff --git a/lib/webrick/httpservlet/filehandler.rb b/lib/webrick/httpservlet/filehandler.rb index 068246c..7aa0d9f 100644 --- a/lib/webrick/httpservlet/filehandler.rb +++ b/lib/webrick/httpservlet/filehandler.rb @@ -87,6 +87,35 @@ module WEBrick return false end + # returns a lambda for webrick/httpresponse.rb send_body_proc + def multipart_body(body, parts, boundary, mtype, filesize) + lambda do |socket| + begin + begin + first = parts.shift + last = parts.shift + socket.write( + "--#{boundary}#{CRLF}" \ + "Content-Type: #{mtype}#{CRLF}" \ + "Content-Range: bytes #{first}-#{last}/#{filesize}#{CRLF}" \ + "#{CRLF}" + ) + + begin + IO.copy_stream(body, socket, last - first + 1, first) + rescue NotImplementedError + body.seek(first, IO::SEEK_SET) + IO.copy_stream(body, socket, last - first + 1) + end + socket.write(CRLF) + end while parts[0] + socket.write("--#{boundary}--#{CRLF}") + ensure + body.close + end + end + end + def make_partial_content(req, res, filename, filesize) mtype = HTTPUtils::mime_type(filename, @config[:MimeTypes]) unless ranges = HTTPUtils::parse_range_header(req['range']) @@ -97,37 +126,27 @@ module WEBrick if ranges.size > 1 time = Time.now boundary = "#{time.sec}_#{time.usec}_#{Process::pid}" - body = '' - ranges.each{|range| - first, last = prepare_range(range, filesize) - next if first < 0 - io.pos = first - content = io.read(last-first+1) - body << "--" << boundary << CRLF - body << "Content-Type: #{mtype}" << CRLF - body << "Content-Range: bytes #{first}-#{last}/#{filesize}" << CRLF - body << CRLF - body << content - body << CRLF + parts = [] + ranges.each {|range| + prange = prepare_range(range, filesize) + next if prange[0] < 0 + parts.concat(prange) } - raise HTTPStatus::RequestRangeNotSatisfiable if body.empty? - body << "--" << boundary << "--" << CRLF + raise HTTPStatus::RequestRangeNotSatisfiable if parts.empty? res["content-type"] = "multipart/byteranges; boundary=#{boundary}" - res.body = body + if req.http_version < '1.1' + res['connection'] = 'close' + else + res.chunked = true + end + res.body = multipart_body(io.dup, parts, boundary, mtype, filesize) elsif range = ranges[0] first, last = prepare_range(range, filesize) raise HTTPStatus::RequestRangeNotSatisfiable if first < 0 - if last == filesize - 1 - content = io.dup - content.pos = first - else - io.pos = first - content = io.read(last-first+1) - end res['content-type'] = mtype res['content-range'] = "bytes #{first}-#{last}/#{filesize}" res['content-length'] = last - first + 1 - res.body = content + res.body = io.dup else raise HTTPStatus::BadRequest end diff --git a/lib/webrick/httpstatus.rb b/lib/webrick/httpstatus.rb index 8664da2..ff9f182 100644 --- a/lib/webrick/httpstatus.rb +++ b/lib/webrick/httpstatus.rb @@ -23,10 +23,6 @@ module WEBrick ## # Root of the HTTP status class hierarchy class Status < StandardError - def initialize(*args) # :nodoc: - args[0] = AccessLog.escape(args[0]) unless args.empty? - super(*args) - end class << self attr_reader :code, :reason_phrase # :nodoc: end diff --git a/lib/webrick/log.rb b/lib/webrick/log.rb index 7542d8f..41e907c 100644 --- a/lib/webrick/log.rb +++ b/lib/webrick/log.rb @@ -118,10 +118,10 @@ module WEBrick # * Otherwise it will return +arg+.inspect. def format(arg) if arg.is_a?(Exception) - "#{arg.class}: #{arg.message}\n\t" << + "#{arg.class}: #{AccessLog.escape(arg.message)}\n\t" << arg.backtrace.join("\n\t") << "\n" elsif arg.respond_to?(:to_str) - arg.to_str + AccessLog.escape(arg.to_str) else arg.inspect end diff --git a/pack.c b/pack.c index 5598967..61abd06 100644 --- a/pack.c +++ b/pack.c @@ -751,6 +751,7 @@ pack_pack(VALUE ary, VALUE fmt) StringValue(from); ptr = RSTRING_PTR(from); plen = RSTRING_LEN(from); + OBJ_INFECT(res, from); if (len == 0 && type == 'm') { encodes(res, ptr, plen, type, 0); @@ -778,6 +779,7 @@ pack_pack(VALUE ary, VALUE fmt) case 'M': /* quoted-printable encoded string */ from = rb_obj_as_string(NEXTFROM); + OBJ_INFECT(res, from); if (len <= 1) len = 72; qpencode(res, from, len); @@ -803,6 +805,7 @@ pack_pack(VALUE ary, VALUE fmt) } else { t = StringValuePtr(from); + OBJ_INFECT(res, from); rb_obj_taint(from); } if (!associates) { @@ -1235,7 +1238,7 @@ pack_unpack(VALUE str, VALUE fmt) else if (ISDIGIT(*p)) { errno = 0; len = STRTOUL(p, (char**)&p, 10); - if (errno) { + if (len < 0 || errno) { rb_raise(rb_eRangeError, "pack length too big"); } } @@ -1291,13 +1294,15 @@ pack_unpack(VALUE str, VALUE fmt) if (p[-1] == '*' || len > (send - s) * 8) len = (send - s) * 8; bits = 0; - UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len)); + bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i>= 1; else bits = (unsigned char)*s++; *t++ = (bits & 1) ? '1' : '0'; } + UNPACK_PUSH(bitstr); } break; @@ -1311,13 +1316,15 @@ pack_unpack(VALUE str, VALUE fmt) if (p[-1] == '*' || len > (send - s) * 8) len = (send - s) * 8; bits = 0; - UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len)); + bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i (send - s) * 2) len = (send - s) * 2; bits = 0; - UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len)); + bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i (send - s) * 2) len = (send - s) * 2; bits = 0; - UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len)); + bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i> 4) & 15]; } + UNPACK_PUSH(bitstr); } break; diff --git a/sprintf.c b/sprintf.c index b022c5d..a9bbc8f 100644 --- a/sprintf.c +++ b/sprintf.c @@ -1147,6 +1147,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) fval = RFLOAT_VALUE(rb_Float(val)); if (isnan(fval) || isinf(fval)) { const char *expr; + int elen; + char sign = '\0'; if (isnan(fval)) { expr = "NaN"; @@ -1155,33 +1157,28 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) expr = "Inf"; } need = (int)strlen(expr); - if ((!isnan(fval) && fval < 0.0) || (flags & FPLUS)) - need++; + elen = need; + i = 0; + if (!isnan(fval) && fval < 0.0) + sign = '-'; + else if (flags & (FPLUS|FSPACE)) + sign = (flags & FPLUS) ? '+' : ' '; + if (sign) + ++need; if ((flags & FWIDTH) && need < width) need = width; - CHECK(need + 1); - snprintf(&buf[blen], need + 1, "%*s", need, ""); + FILL(' ', need); if (flags & FMINUS) { - if (!isnan(fval) && fval < 0.0) - buf[blen++] = '-'; - else if (flags & FPLUS) - buf[blen++] = '+'; - else if (flags & FSPACE) - blen++; - memcpy(&buf[blen], expr, strlen(expr)); + if (sign) + buf[blen - need--] = sign; + memcpy(&buf[blen - need], expr, elen); } else { - if (!isnan(fval) && fval < 0.0) - buf[blen + need - strlen(expr) - 1] = '-'; - else if (flags & FPLUS) - buf[blen + need - strlen(expr) - 1] = '+'; - else if ((flags & FSPACE) && need > width) - blen++; - memcpy(&buf[blen + need - strlen(expr)], expr, - strlen(expr)); + if (sign) + buf[blen - elen - 1] = sign; + memcpy(&buf[blen - elen], expr, elen); } - blen += strlen(&buf[blen]); break; } diff --git a/test/excludes/Rinda/TestRingFinger.rb b/test/excludes/Rinda/TestRingFinger.rb new file mode 100644 index 0000000..e496bfe --- /dev/null +++ b/test/excludes/Rinda/TestRingFinger.rb @@ -0,0 +1,3 @@ +reason = "Network access not allowed during build in Debian" +exclude :test_make_socket_ipv4_multicast, reason +exclude :test_make_socket_ipv4_multicast_hops, reason diff --git a/test/excludes/Rinda/TestRingServer.rb b/test/excludes/Rinda/TestRingServer.rb new file mode 100644 index 0000000..461dd19 --- /dev/null +++ b/test/excludes/Rinda/TestRingServer.rb @@ -0,0 +1,3 @@ +reason = "Network access not allowed during build in Debian" +exclude :test_make_socket_ipv4_multicast, reason +exclude :test_ring_server_ipv4_multicast, reason diff --git a/test/excludes/TestProcess.rb b/test/excludes/TestProcess.rb new file mode 100644 index 0000000..24f71b4 --- /dev/null +++ b/test/excludes/TestProcess.rb @@ -0,0 +1,5 @@ +# Found on Debian mips* buildds, this test consumes ~2GB RAM and +# a lot of CPU time before failing. Note that the test failure +# may point to an issue in the Array implementation. +# https://bugs.ruby-lang.org/issues/12500 +exclude :test_aspawn_too_long_path, "RAM and time consuming test" diff --git a/test/excludes/TestRefinement.rb b/test/excludes/TestRefinement.rb new file mode 100644 index 0000000..8f148fd --- /dev/null +++ b/test/excludes/TestRefinement.rb @@ -0,0 +1,2 @@ +# Found on Debian arm*, powerpc buildds +exclude :test_prepend_after_refine_wb_miss, "time consuming test" diff --git a/test/excludes/TestTimeTZ.rb b/test/excludes/TestTimeTZ.rb new file mode 100644 index 0000000..61d55f4 --- /dev/null +++ b/test/excludes/TestTimeTZ.rb @@ -0,0 +1,4 @@ +exclude :test_gen_Pacific_Kiritimati_71, "https://bugs.ruby-lang.org/issues/14655" +exclude :test_gen_Pacific_Kiritimati_89, "https://bugs.ruby-lang.org/issues/14655" +exclude :test_gen_lisbon_99, "https://bugs.ruby-lang.org/issues/14655" +exclude :test_pacific_kiritimati, "https://bugs.ruby-lang.org/issues/14655" diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb index ca71a91..fbb3bf2 100644 --- a/test/net/ftp/test_ftp.rb +++ b/test/net/ftp/test_ftp.rb @@ -5,6 +5,7 @@ require "test/unit" require "ostruct" require "stringio" require "tempfile" +require "tmpdir" class FTPTest < Test::Unit::TestCase SERVER_ADDR = "127.0.0.1" @@ -1643,6 +1644,227 @@ EOF end end + def test_getbinaryfile_command_injection + skip "| is not allowed in filename on Windows" if windows? + [false, true].each do |resume| + commands = [] + binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3 + server = create_ftp_server { |sock| + sock.print("220 (test_ftp).\r\n") + commands.push(sock.gets) + sock.print("331 Please specify the password.\r\n") + commands.push(sock.gets) + sock.print("230 Login successful.\r\n") + commands.push(sock.gets) + sock.print("200 Switching to Binary mode.\r\n") + line = sock.gets + commands.push(line) + host, port = process_port_or_eprt(sock, line) + commands.push(sock.gets) + sock.print("150 Opening BINARY mode data connection for |echo hello (#{binary_data.size} bytes)\r\n") + conn = TCPSocket.new(host, port) + binary_data.scan(/.{1,1024}/nm) do |s| + conn.print(s) + end + conn.shutdown(Socket::SHUT_WR) + conn.read + conn.close + sock.print("226 Transfer complete.\r\n") + } + begin + chdir_to_tmpdir do + begin + ftp = Net::FTP.new + ftp.resume = resume + ftp.read_timeout = 0.2 + ftp.connect(SERVER_ADDR, server.port) + ftp.login + assert_match(/\AUSER /, commands.shift) + assert_match(/\APASS /, commands.shift) + assert_equal("TYPE I\r\n", commands.shift) + ftp.getbinaryfile("|echo hello") + assert_equal(binary_data, File.binread("./|echo hello")) + assert_match(/\A(PORT|EPRT) /, commands.shift) + assert_equal("RETR |echo hello\r\n", commands.shift) + assert_equal(nil, commands.shift) + ensure + ftp.close if ftp + end + end + ensure + server.close + end + end + end + + def test_gettextfile_command_injection + skip "| is not allowed in filename on Windows" if windows? + commands = [] + text_data = <\r\n", sock.write_io.string + end + + def test_rcptto + sock = FakeSocket.new + smtp = Net::SMTP.new 'localhost', 25 + smtp.instance_variable_set :@socket, sock + assert smtp.rcptto("foo@example.com").success? + assert_equal "RCPT TO:\r\n", sock.write_io.string + end + + def test_auth_plain + sock = FakeSocket.new + smtp = Net::SMTP.new 'localhost', 25 + smtp.instance_variable_set :@socket, sock + assert smtp.auth_plain("foo", "bar").success? + assert_equal "AUTH PLAIN AGZvbwBiYXI=\r\n", sock.write_io.string + end + + def test_crlf_injection + smtp = Net::SMTP.new 'localhost', 25 + smtp.instance_variable_set :@socket, FakeSocket.new + + assert_raise(ArgumentError) do + smtp.mailfrom("foo\r\nbar") + end + + assert_raise(ArgumentError) do + smtp.mailfrom("foo\rbar") + end + + assert_raise(ArgumentError) do + smtp.mailfrom("foo\nbar") + end + + assert_raise(ArgumentError) do + smtp.rcptto("foo\r\nbar") + end + end end end diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb index fd2118d..109fd95 100644 --- a/test/openssl/test_asn1.rb +++ b/test/openssl/test_asn1.rb @@ -596,6 +596,29 @@ rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm assert_equal(false, asn1.value[3].infinite_length) end + def test_decode_constructed_overread + test = %w{ 31 06 31 02 30 02 05 00 } + # ^ <- invalid + raw = [test.join].pack("H*") + ret = [] + assert_raise(OpenSSL::ASN1::ASN1Error) { + OpenSSL::ASN1.traverse(raw) { |x| ret << x } + } + assert_equal 2, ret.size + assert_equal 17, ret[0][6] + assert_equal 17, ret[1][6] + + test = %w{ 31 80 30 03 00 00 } + # ^ <- invalid + raw = [test.join].pack("H*") + ret = [] + assert_raise(OpenSSL::ASN1::ASN1Error) { + OpenSSL::ASN1.traverse(raw) { |x| ret << x } + } + assert_equal 1, ret.size + assert_equal 17, ret[0][6] + end + private def assert_universal(tag, asn1) diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 89c176f..fb08b61 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -81,6 +81,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase def test_empty_data @c1.encrypt + @c1.random_key assert_raise(ArgumentError){ @c1.update("") } end @@ -129,12 +130,10 @@ class OpenSSL::TestCipher < Test::Unit::TestCase } end - def test_AES_crush - 500.times do - assert_nothing_raised("[Bug #2768]") do - # it caused OpenSSL SEGV by uninitialized key - OpenSSL::Cipher::AES128.new("ECB").update "." * 17 - end + def test_update_raise_if_key_not_set + assert_raise(OpenSSL::Cipher::CipherError) do + # it caused OpenSSL SEGV by uninitialized key + OpenSSL::Cipher::AES128.new("ECB").update "." * 17 end end end @@ -238,6 +237,24 @@ class OpenSSL::TestCipher < Test::Unit::TestCase end + def test_aes_gcm_key_iv_order_issue + pt = "[ruby/openssl#49]" + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.key = "x" * 16 + cipher.iv = "a" * 12 + ct1 = cipher.update(pt) << cipher.final + tag1 = cipher.auth_tag + + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.iv = "a" * 12 + cipher.key = "x" * 16 + ct2 = cipher.update(pt) << cipher.final + tag2 = cipher.auth_tag + + assert_equal ct1, ct2 + assert_equal tag1, tag2 + end if has_cipher?("aes-128-gcm") + private def new_encryptor(algo) diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb index 56e7987..411fa3b 100644 --- a/test/openssl/test_x509name.rb +++ b/test/openssl/test_x509name.rb @@ -338,10 +338,16 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase end def test_spaceship - n1 = OpenSSL::X509::Name.parse 'CN=a' - n2 = OpenSSL::X509::Name.parse 'CN=b' - - assert_equal(-1, n1 <=> n2) + n1 = OpenSSL::X509::Name.new([["CN", "a"]]) + n2 = OpenSSL::X509::Name.new([["CN", "a"]]) + n3 = OpenSSL::X509::Name.new([["CN", "ab"]]) + + assert_equal 0, n1 <=> n2 + assert_equal -1, n1 <=> n3 + assert_equal 0, n2 <=> n1 + assert_equal -1, n2 <=> n3 + assert_equal 1, n3 <=> n1 + assert_equal 1, n3 <=> n2 end def name_hash(name) diff --git a/test/ruby/test_array.rb b/test/ruby/test_array.rb index f27b8a5..bea1f37 100644 --- a/test/ruby/test_array.rb +++ b/test/ruby/test_array.rb @@ -1841,7 +1841,8 @@ class TestArray < Test::Unit::TestCase def test_permutation_stack_error bug9932 = '[ruby-core:63103] [Bug #9932]' - assert_separately([], <<-"end;") # do + # On some platforms (armel, mips), permutation is very expensive/slow. + assert_separately([], <<-"end;", timeout: 60) # do assert_nothing_raised(SystemStackError, "#{bug9932}") do assert_equal(:ok, Array.new(100_000, nil).permutation {break :ok}) end diff --git a/test/ruby/test_dir.rb b/test/ruby/test_dir.rb index 0cc5a6a..c66c796 100644 --- a/test/ruby/test_dir.rb +++ b/test/ruby/test_dir.rb @@ -156,6 +156,9 @@ class TestDir < Test::Unit::TestCase open(File.join(@root, "}}a"), "wb") {} assert_equal(%w(}}{} }}a).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '}}{\{\},a}'))) assert_equal(%w(}}{} }}a b c).map {|f| File.join(@root, f)}, Dir.glob(File.join(@root, '{\}\}{\{\},a},b,c}'))) + assert_raise(ArgumentError) { + Dir.glob([[@root, File.join(@root, "*")].join("\0")]) + } end def test_glob_recursive @@ -191,10 +194,12 @@ class TestDir < Test::Unit::TestCase def test_entries assert_entries(Dir.open(@root) {|dir| dir.entries}) + assert_raise(ArgumentError) {Dir.entries(@root+"\0")} end def test_foreach assert_entries(Dir.foreach(@root).to_a) + assert_raise(ArgumentError) {Dir.foreach(@root+"\0").to_a} end def test_dir_enc diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index be0a79f..a37c844 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb @@ -1017,7 +1017,7 @@ class TestFileExhaustive < Test::Unit::TestCase user = ENV['USER'] skip "ENV['USER'] is not set" unless user assert_equal(ENV['HOME'], File.expand_path("~#{user}")) - end unless DRIVE + end if false # does not work in sbuild/buildd environments def test_expand_path_error_for_nonexistent_username user = "\u{3086 3046 3066 3044}:\u{307F 3084 304A 3046}" diff --git a/test/ruby/test_gc.rb b/test/ruby/test_gc.rb index 51b17c6..930c209 100644 --- a/test/ruby/test_gc.rb +++ b/test/ruby/test_gc.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false require 'test/unit' -class TestGc < Test::Unit::TestCase +class TestGc class S def initialize(a) @a = a @@ -212,7 +212,7 @@ class TestGc < Test::Unit::TestCase assert_in_out_err([env, "-w", "-e", "exit"], "", [], /RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=0\.9/, "") # always full GC when RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR < 1.0 - assert_in_out_err([env, "-e", "1000_000.times{Object.new}; p(GC.stat[:minor_gc_count] < GC.stat[:major_gc_count])"], "", ['true'], //, "") if use_rgengc? + assert_in_out_err([env, "-e", "1000_000.times{Object.new}; p(GC.stat[:minor_gc_count] < GC.stat[:major_gc_count])"], "", ['true'], //, "", timeout: 30) if use_rgengc? # check obsolete assert_in_out_err([{'RUBY_FREE_MIN' => '100'}, '-w', '-eexit'], '', [], diff --git a/test/ruby/test_pack.rb b/test/ruby/test_pack.rb index 2d7c0ae..30393dc 100644 --- a/test/ruby/test_pack.rb +++ b/test/ruby/test_pack.rb @@ -548,6 +548,9 @@ class TestPack < Test::Unit::TestCase assert_equal([1, 2], "\x01\x00\x00\x02".unpack("C@3C")) assert_equal([nil], "\x00".unpack("@1C")) # is it OK? assert_raise(ArgumentError) { "\x00".unpack("@2C") } + + pos = (1 << [nil].pack("p").bytesize * 8) - 100 # -100 + assert_raise(RangeError) {"0123456789".unpack("@#{pos}C10")} end def test_pack_unpack_percent @@ -814,4 +817,27 @@ EXPECTED assert_raise_with_message(ArgumentError, /too few/) {ary.pack("AA")} end; end + + def test_unpack_with_block + ret = []; "ABCD".unpack("CCCC") {|v| ret << v } + assert_equal [65, 66, 67, 68], ret + ret = []; "A".unpack("B*") {|v| ret << v } + assert_equal ["01000001"], ret + end + + def test_pack_infection + tainted_array_string = ["123456"] + tainted_array_string.first.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f| + assert_predicate(tainted_array_string.pack(f), :tainted?) + end + end + + def test_unpack_infection + tainted_string = "123456" + tainted_string.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f| + assert_predicate(tainted_string.unpack(f).first, :tainted?) + end + end end diff --git a/test/ruby/test_sprintf.rb b/test/ruby/test_sprintf.rb index 8aa0cbf..618edbe 100644 --- a/test/ruby/test_sprintf.rb +++ b/test/ruby/test_sprintf.rb @@ -84,6 +84,18 @@ class TestSprintf < Test::Unit::TestCase assert_equal("NaN", sprintf("%-f", nan)) assert_equal("+NaN", sprintf("%+f", nan)) + assert_equal("NaN", sprintf("%3f", nan)) + assert_equal("NaN", sprintf("%-3f", nan)) + assert_equal("+NaN", sprintf("%+3f", nan)) + + assert_equal(" NaN", sprintf("% 3f", nan)) + assert_equal(" NaN", sprintf("%- 3f", nan)) + assert_equal("+NaN", sprintf("%+ 3f", nan)) + + assert_equal(" NaN", sprintf("% 03f", nan)) + assert_equal(" NaN", sprintf("%- 03f", nan)) + assert_equal("+NaN", sprintf("%+ 03f", nan)) + assert_equal(" NaN", sprintf("%8f", nan)) assert_equal("NaN ", sprintf("%-8f", nan)) assert_equal(" +NaN", sprintf("%+8f", nan)) @@ -107,6 +119,26 @@ class TestSprintf < Test::Unit::TestCase assert_equal("Inf", sprintf("%-f", inf)) assert_equal("+Inf", sprintf("%+f", inf)) + assert_equal(" Inf", sprintf("% f", inf)) + assert_equal(" Inf", sprintf("%- f", inf)) + assert_equal("+Inf", sprintf("%+ f", inf)) + + assert_equal(" Inf", sprintf("% 0f", inf)) + assert_equal(" Inf", sprintf("%- 0f", inf)) + assert_equal("+Inf", sprintf("%+ 0f", inf)) + + assert_equal("Inf", sprintf("%3f", inf)) + assert_equal("Inf", sprintf("%-3f", inf)) + assert_equal("+Inf", sprintf("%+3f", inf)) + + assert_equal(" Inf", sprintf("% 3f", inf)) + assert_equal(" Inf", sprintf("%- 3f", inf)) + assert_equal("+Inf", sprintf("%+ 3f", inf)) + + assert_equal(" Inf", sprintf("% 03f", inf)) + assert_equal(" Inf", sprintf("%- 03f", inf)) + assert_equal("+Inf", sprintf("%+ 03f", inf)) + assert_equal(" Inf", sprintf("%8f", inf)) assert_equal("Inf ", sprintf("%-8f", inf)) assert_equal(" +Inf", sprintf("%+8f", inf)) @@ -127,6 +159,26 @@ class TestSprintf < Test::Unit::TestCase assert_equal("-Inf", sprintf("%-f", -inf)) assert_equal("-Inf", sprintf("%+f", -inf)) + assert_equal("-Inf", sprintf("% f", -inf)) + assert_equal("-Inf", sprintf("%- f", -inf)) + assert_equal("-Inf", sprintf("%+ f", -inf)) + + assert_equal("-Inf", sprintf("% 0f", -inf)) + assert_equal("-Inf", sprintf("%- 0f", -inf)) + assert_equal("-Inf", sprintf("%+ 0f", -inf)) + + assert_equal("-Inf", sprintf("%4f", -inf)) + assert_equal("-Inf", sprintf("%-4f", -inf)) + assert_equal("-Inf", sprintf("%+4f", -inf)) + + assert_equal("-Inf", sprintf("% 4f", -inf)) + assert_equal("-Inf", sprintf("%- 4f", -inf)) + assert_equal("-Inf", sprintf("%+ 4f", -inf)) + + assert_equal("-Inf", sprintf("% 04f", -inf)) + assert_equal("-Inf", sprintf("%- 04f", -inf)) + assert_equal("-Inf", sprintf("%+ 04f", -inf)) + assert_equal(" -Inf", sprintf("%8f", -inf)) assert_equal("-Inf ", sprintf("%-8f", -inf)) assert_equal(" -Inf", sprintf("%+8f", -inf)) diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb index b40b1ac..b257642 100644 --- a/test/ruby/test_time_tz.rb +++ b/test/ruby/test_time_tz.rb @@ -84,6 +84,16 @@ class TestTimeTZ < Test::Unit::TestCase has_right_tz &&= have_tz_offset?("right/America/Los_Angeles") has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon") + CORRECT_TOKYO_DST_1951 = with_tz("Asia/Tokyo") { + if Time.local(1951, 5, 6, 12, 0, 0).dst? # noon, DST + if Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata + Time.local(1951, 9, 8, 23, 0, 0).dst? ? "2018f" : "2018e" + end + end + } + CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") { + Time.local(1994, 12, 31, 0, 0, 0).year == 1995 + } def time_to_s(t) t.to_s @@ -126,8 +136,9 @@ class TestTimeTZ < Test::Unit::TestCase def test_asia_tokyo with_tz(tz="Asia/Tokyo") { - assert_time_constructor(tz, "1951-05-06 03:00:00 +1000", :local, [1951,5,6,2,0,0]) - assert_time_constructor(tz, "1951-05-06 03:59:59 +1000", :local, [1951,5,6,2,59,59]) + h = CORRECT_TOKYO_DST_1951 ? 0 : 2 + assert_time_constructor(tz, "1951-05-06 0#{h+1}:00:00 +1000", :local, [1951,5,6,h,0,0]) + assert_time_constructor(tz, "1951-05-06 0#{h+1}:59:59 +1000", :local, [1951,5,6,h,59,59]) assert_time_constructor(tz, "2010-06-10 06:13:28 +0900", :local, [2010,6,10,6,13,28]) } end @@ -172,9 +183,17 @@ class TestTimeTZ < Test::Unit::TestCase def test_pacific_kiritimati with_tz(tz="Pacific/Kiritimati") { - assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) - assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0]) - assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59]) + assert_time_constructor(tz, "1994-12-30 00:00:00 -1000", :local, [1994,12,30,0,0,0]) + assert_time_constructor(tz, "1994-12-30 23:59:59 -1000", :local, [1994,12,30,23,59,59]) + if CORRECT_KIRITIMATI_SKIP_1994 + assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1994,12,31,0,0,0]) + assert_time_constructor(tz, "1995-01-01 23:59:59 +1400", :local, [1994,12,31,23,59,59]) + assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1995,1,1,0,0,0]) + else + assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) + assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0]) + assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59]) + end assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,2,0,0,0]) } end @@ -329,10 +348,23 @@ America/Managua Wed Jan 1 05:00:00 1997 UTC = Tue Dec 31 23:00:00 1996 CST isd Asia/Singapore Sun Aug 8 16:30:00 1965 UTC = Mon Aug 9 00:00:00 1965 SGT isdst=0 gmtoff=27000 Asia/Singapore Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000 Asia/Singapore Thu Dec 31 16:30:00 1981 UTC = Fri Jan 1 00:30:00 1982 SGT isdst=0 gmtoff=28800 +End + gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' + (CORRECT_TOKYO_DST_1951 < "2018f" ? <<'2018e' : <<'2018f') : <<'End' +Asia/Tokyo Sat May 5 14:59:59 1951 UTC = Sat May 5 23:59:59 1951 JST isdst=0 gmtoff=32400 +Asia/Tokyo Sat May 5 15:00:00 1951 UTC = Sun May 6 01:00:00 1951 JDT isdst=1 gmtoff=36000 +End +Asia/Tokyo Sat Sep 8 13:59:59 1951 UTC = Sat Sep 8 23:59:59 1951 JDT isdst=1 gmtoff=36000 +Asia/Tokyo Sat Sep 8 14:00:00 1951 UTC = Sat Sep 8 23:00:00 1951 JST isdst=0 gmtoff=32400 +2018e +Asia/Tokyo Sat Sep 8 14:59:59 1951 UTC = Sun Sep 9 00:59:59 1951 JDT isdst=1 gmtoff=36000 +Asia/Tokyo Sat Sep 8 15:00:00 1951 UTC = Sun Sep 9 00:00:00 1951 JST isdst=0 gmtoff=32400 +2018f Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400 Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000 Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000 Asia/Tokyo Fri Sep 7 16:00:00 1951 UTC = Sat Sep 8 01:00:00 1951 JST isdst=0 gmtoff=32400 +End + gen_zdump_test <<'End' America/St_Johns Sun Mar 11 03:30:59 2007 UTC = Sun Mar 11 00:00:59 2007 NST isdst=0 gmtoff=-12600 America/St_Johns Sun Mar 11 03:31:00 2007 UTC = Sun Mar 11 01:01:00 2007 NDT isdst=1 gmtoff=-9000 America/St_Johns Sun Nov 4 02:30:59 2007 UTC = Sun Nov 4 00:00:59 2007 NDT isdst=1 gmtoff=-9000 @@ -349,9 +381,18 @@ Europe/London Sun Aug 10 00:59:59 1947 UTC = Sun Aug 10 02:59:59 1947 BDST isds Europe/London Sun Aug 10 01:00:00 1947 UTC = Sun Aug 10 02:00:00 1947 BST isdst=1 gmtoff=3600 Europe/London Sun Nov 2 01:59:59 1947 UTC = Sun Nov 2 02:59:59 1947 BST isdst=1 gmtoff=3600 Europe/London Sun Nov 2 02:00:00 1947 UTC = Sun Nov 2 02:00:00 1947 GMT isdst=0 gmtoff=0 +End + if CORRECT_KIRITIMATI_SKIP_1994 + gen_zdump_test <<'End' +Pacific/Kiritimati Sat Dec 31 09:59:59 1994 UTC = Fri Dec 30 23:59:59 1994 LINT isdst=0 gmtoff=-36000 +Pacific/Kiritimati Sat Dec 31 10:00:00 1994 UTC = Sun Jan 1 00:00:00 1995 LINT isdst=0 gmtoff=50400 +End + else + gen_zdump_test <<'End' Pacific/Kiritimati Sun Jan 1 09:59:59 1995 UTC = Sat Dec 31 23:59:59 1994 LINT isdst=0 gmtoff=-36000 Pacific/Kiritimati Sun Jan 1 10:00:00 1995 UTC = Mon Jan 2 00:00:00 1995 LINT isdst=0 gmtoff=50400 End + end gen_zdump_test <<'End' if has_right_tz right/America/Los_Angeles Fri Jun 30 23:59:60 1972 UTC = Fri Jun 30 16:59:60 1972 PDT isdst=1 gmtoff=-25200 right/America/Los_Angeles Wed Dec 31 23:59:60 2008 UTC = Wed Dec 31 15:59:60 2008 PST isdst=0 gmtoff=-28800 diff --git a/test/rubygems/test_gem_commands_owner_command.rb b/test/rubygems/test_gem_commands_owner_command.rb index 7217f5c..d68e852 100644 --- a/test/rubygems/test_gem_commands_owner_command.rb +++ b/test/rubygems/test_gem_commands_owner_command.rb @@ -36,6 +36,31 @@ EOF assert_match %r{- user2@example.com}, @ui.output end + def test_show_owners_dont_load_objects + skip "testing a psych-only API" unless defined?(::Psych::DisallowedClass) + + response = < has an invalid name', e.message + end + end + def test_shebang util_make_exec @spec, "#!/usr/bin/ruby" diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb index 2f8747b..ee52f86 100644 --- a/test/rubygems/test_gem_package.rb +++ b/test/rubygems/test_gem_package.rb @@ -449,6 +449,31 @@ class TestGemPackage < Gem::Package::TarTestCase File.read(extracted) end + def test_extract_symlink_parent + skip 'symlink not supported' if Gem.win_platform? + + package = Gem::Package.new @gem + + tgz_io = util_tar_gz do |tar| + tar.mkdir 'lib', 0755 + tar.add_symlink 'lib/link', '../..', 0644 + tar.add_file 'lib/link/outside.txt', 0644 do |io| io.write 'hi' end + end + + # Extract into a subdirectory of @destination; if this test fails it writes + # a file outside destination_subdir, but we want the file to remain inside + # @destination so it will be cleaned up. + destination_subdir = File.join @destination, 'subdir' + FileUtils.mkdir_p destination_subdir + + e = assert_raises Gem::Package::PathError do + package.extract_tar_gz tgz_io, destination_subdir + end + + assert_equal("installing into parent path lib/link/outside.txt of " + + "#{destination_subdir} is not allowed", e.message) + end + def test_extract_tar_gz_directory package = Gem::Package.new @gem @@ -560,6 +585,21 @@ class TestGemPackage < Gem::Package::TarTestCase "#{@destination} is not allowed", e.message) end + def test_install_location_suffix + package = Gem::Package.new @gem + + filename = "../#{File.basename(@destination)}suffix.rb" + + e = assert_raises Gem::Package::PathError do + package.install_location filename, @destination + end + + parent = File.expand_path File.join @destination, filename + + assert_equal("installing into parent path #{parent} of " + + "#{@destination} is not allowed", e.message) + end + def test_load_spec entry = StringIO.new Gem.gzip @spec.to_yaml def entry.full_name() 'metadata.gz' end @@ -717,6 +757,32 @@ class TestGemPackage < Gem::Package::TarTestCase assert_match %r%nonexistent.gem$%, e.message end + def test_verify_duplicate_file + FileUtils.mkdir_p 'lib' + FileUtils.touch 'lib/code.rb' + + build = Gem::Package.new @gem + build.spec = @spec + build.setup_signer + open @gem, 'wb' do |gem_io| + Gem::Package::TarWriter.new gem_io do |gem| + build.add_metadata gem + build.add_contents gem + + gem.add_file_simple 'a.sig', 0444, 0 + gem.add_file_simple 'a.sig', 0444, 0 + end + end + + package = Gem::Package.new @gem + + e = assert_raises Gem::Security::Exception do + package.verify + end + + assert_equal 'duplicate files in the package: ("a.sig")', e.message + end + def test_verify_security_policy skip 'openssl is missing' unless defined?(OpenSSL::SSL) @@ -774,7 +840,13 @@ class TestGemPackage < Gem::Package::TarTestCase # write bogus data.tar.gz to foil signature bogus_data = Gem.gzip 'hello' - gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io| + fake_signer = Class.new do + def digest_name; 'SHA512'; end + def digest_algorithm; Digest(:SHA512); end + def key; 'key'; end + def sign(*); 'fake_sig'; end + end + gem.add_file_signed 'data2.tar.gz', 0444, fake_signer.new do |io| io.write bogus_data end diff --git a/test/rubygems/test_gem_package_tar_header.rb b/test/rubygems/test_gem_package_tar_header.rb index d338770..43f508d 100644 --- a/test/rubygems/test_gem_package_tar_header.rb +++ b/test/rubygems/test_gem_package_tar_header.rb @@ -143,5 +143,26 @@ group\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000 assert_equal '012467', @tar_header.checksum end + def test_from_bad_octal + test_cases = [ + "00000006,44\000", # bogus character + "00000006789\000", # non-octal digit + "+0000001234\000", # positive sign + "-0000001000\000", # negative sign + "0x000123abc\000", # radix prefix + ] + + test_cases.each do |val| + header_s = @tar_header.to_s + # overwrite the size field + header_s[124, 12] = val + io = TempIO.new header_s + assert_raises ArgumentError do + new_header = Gem::Package::TarHeader.from io + end + io.close! if io.respond_to? :close! + end + end + end diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb index 49b6b66..a3919c8 100644 --- a/test/rubygems/test_gem_remote_fetcher.rb +++ b/test/rubygems/test_gem_remote_fetcher.rb @@ -253,6 +253,21 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg== dns.verify end + def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path + uri = URI.parse "http://example.com/foo" + target = MiniTest::Mock.new + target.expect :target, "evil.com/a.example.com" + + dns = MiniTest::Mock.new + dns.expect :getresource, target, [String, Object] + + fetch = Gem::RemoteFetcher.new nil, dns + assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) + + target.verify + dns.verify + end + def test_api_endpoint_timeout_warning uri = URI.parse "http://gems.example.com/foo" diff --git a/test/rubygems/test_gem_server.rb b/test/rubygems/test_gem_server.rb index 0ece6d6..1ecf352 100644 --- a/test/rubygems/test_gem_server.rb +++ b/test/rubygems/test_gem_server.rb @@ -336,6 +336,171 @@ class TestGemServer < Gem::TestCase assert_match 'z 9', @res.body end + + def test_xss_homepage_fix_289313 + data = StringIO.new "GET / HTTP/1.0\r\n\r\n" + dir = "#{@gemhome}2" + + spec = util_spec 'xsshomepagegem', 1 + spec.homepage = "javascript:confirm(document.domain)" + + specs_dir = File.join dir, 'specifications' + FileUtils.mkdir_p specs_dir + + open File.join(specs_dir, spec.spec_name), 'w' do |io| + io.write spec.to_ruby + end + + server = Gem::Server.new dir, process_based_port, false + + @req.parse data + + server.root @req, @res + + assert_equal 200, @res.status + assert_match 'xsshomepagegem 1', @res.body + + # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a + # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here, + # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be + # validated in future versions of Gem::Specification. + # + # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex: + # + # Variant #1 - rdoc not installed + # + # xsshomepagegem 1 + # + # + # [rdoc] + # + # + # + # [www] + # + # Variant #2 - rdoc installed + # + # xsshomepagegem 1 + # + # + # \[rdoc\]<\/a> + # + # + # + # [www] + regex_match = /xsshomepagegem 1<\/b>[\n\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\n\s]+\[www\]<\/a>/ + assert_match regex_match, @res.body + end + + def test_invalid_homepage + data = StringIO.new "GET / HTTP/1.0\r\n\r\n" + dir = "#{@gemhome}2" + + spec = util_spec 'invalidhomepagegem', 1 + spec.homepage = "notavalidhomepageurl" + + specs_dir = File.join dir, 'specifications' + FileUtils.mkdir_p specs_dir + + open File.join(specs_dir, spec.spec_name), 'w' do |io| + io.write spec.to_ruby + end + + server = Gem::Server.new dir, process_based_port, false + + @req.parse data + + server.root @req, @res + + assert_equal 200, @res.status + assert_match 'invalidhomepagegem 1', @res.body + + # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a + # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here, + # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be + # validated in future versions of Gem::Specification. + # + # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex: + # + # Variant #1 - rdoc not installed + # + # invalidhomepagegem 1 + # + # + # [rdoc] + # + # + # + # [www] + # + # Variant #2 - rdoc installed + # + # invalidhomepagegem 1 + # + # + # \[rdoc\]<\/a> + # + # + # + # [www] + regex_match = /invalidhomepagegem 1<\/b>[\n\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\n\s]+\[www\]<\/a>/ + assert_match regex_match, @res.body + end + + def test_valid_homepage_http + data = StringIO.new "GET / HTTP/1.0\r\n\r\n" + dir = "#{@gemhome}2" + + spec = util_spec 'validhomepagegemhttp', 1 + spec.homepage = "http://rubygems.org" + + specs_dir = File.join dir, 'specifications' + FileUtils.mkdir_p specs_dir + + open File.join(specs_dir, spec.spec_name), 'w' do |io| + io.write spec.to_ruby + end + + server = Gem::Server.new dir, process_based_port, false + + @req.parse data + + server.root @req, @res + + assert_equal 200, @res.status + assert_match 'validhomepagegemhttp 1', @res.body + + regex_match = /validhomepagegemhttp 1<\/b>[\n\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\n\s]+\[www\]<\/a>/ + assert_match regex_match, @res.body + end + + def test_valid_homepage_https + data = StringIO.new "GET / HTTP/1.0\r\n\r\n" + dir = "#{@gemhome}2" + + spec = util_spec 'validhomepagegemhttps', 1 + spec.homepage = "https://rubygems.org" + + specs_dir = File.join dir, 'specifications' + FileUtils.mkdir_p specs_dir + + open File.join(specs_dir, spec.spec_name), 'w' do |io| + io.write spec.to_ruby + end + + server = Gem::Server.new dir, process_based_port, false + + @req.parse data + + server.root @req, @res + + assert_equal 200, @res.status + assert_match 'validhomepagegemhttps 1', @res.body + + regex_match = /validhomepagegemhttps 1<\/b>[\n\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\n\s]+\[www\]<\/a>/ + assert_match regex_match, @res.body + end + def test_specs data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n" @req.parse data diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb index bc1c8d2..33b39fa 100644 --- a/test/rubygems/test_gem_specification.rb +++ b/test/rubygems/test_gem_specification.rb @@ -2879,7 +2879,22 @@ duplicate dependency on c (>= 1.2.3, development), (~> 1.2) use: @a1.validate end - assert_equal '"over at my cool site" is not a URI', e.message + assert_equal '"over at my cool site" is not a valid HTTP URI', e.message + + @a1.homepage = 'ftp://rubygems.org' + + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + + assert_equal '"ftp://rubygems.org" is not a valid HTTP URI', e.message + + @a1.homepage = 'http://rubygems.org' + assert_equal true, @a1.validate + + @a1.homepage = 'https://rubygems.org' + assert_equal true, @a1.validate + end end @@ -2974,7 +2989,37 @@ Did you mean 'Ruby'? @a1.validate end - assert_equal 'invalid value for attribute name: ":json"', e.message + assert_equal 'invalid value for attribute name: ":json" must be a string', e.message + + @a1.name = [] + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message + + @a1.name = "" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message + + @a1.name = "12345" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message + + @a1.name = "../malicious" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message + + @a1.name = "\ba\t" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message end def test_validate_non_nil diff --git a/test/rubygems/test_gem_text.rb b/test/rubygems/test_gem_text.rb index a6e22e0..04f3f60 100644 --- a/test/rubygems/test_gem_text.rb +++ b/test/rubygems/test_gem_text.rb @@ -36,6 +36,10 @@ Without the wrapping, the text might not look good in the RSS feed. assert_equal expected, format_text(text, 78) end + def test_format_removes_nonprintable_characters + assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) + end + def test_min3 assert_equal 1, min3(1, 1, 1) assert_equal 1, min3(1, 1, 2) @@ -74,4 +78,11 @@ Without the wrapping, the text might not look good in the RSS feed. assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") end + + def test_truncate_text + assert_equal "abc", truncate_text("abc", "desc") + assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) + s = "ab" * 500_001 + assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) + end end diff --git a/test/socket/test_unix.rb b/test/socket/test_unix.rb index 3fe7fb3..26aff18 100644 --- a/test/socket/test_unix.rb +++ b/test/socket/test_unix.rb @@ -285,6 +285,16 @@ class TestSocket_UNIXSocket < Test::Unit::TestCase File.unlink path if path && File.socket?(path) end + def test_open_nul_byte + tmpfile = Tempfile.new("s") + path = tmpfile.path + tmpfile.close(true) + assert_raise(ArgumentError) {UNIXServer.open(path+"\0")} + assert_raise(ArgumentError) {UNIXSocket.open(path+"\0")} + ensure + File.unlink path if path && File.socket?(path) + end + def test_addr bound_unix_socket(UNIXServer) {|serv, path| UNIXSocket.open(path) {|c| diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb index c8af2f5..a633653 100644 --- a/test/test_tempfile.rb +++ b/test/test_tempfile.rb @@ -345,5 +345,31 @@ puts Tempfile.new('foo').path f.close if f && !f.closed? File.unlink path if path end -end + TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' + + def test_open_traversal_dir + expect = Dir.glob(TRAVERSAL_PATH + '*').count + t = Tempfile.open([TRAVERSAL_PATH, 'foo']) + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + ensure + t.close! + end + + def test_new_traversal_dir + expect = Dir.glob(TRAVERSAL_PATH + '*').count + t = Tempfile.new(TRAVERSAL_PATH + 'foo') + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + ensure + t.close! + end + + def test_create_traversal_dir + expect = Dir.glob(TRAVERSAL_PATH + '*').count + Tempfile.create(TRAVERSAL_PATH + 'foo') + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + end +end diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb index 4fc4bca..c9e85ae 100644 --- a/test/test_tmpdir.rb +++ b/test/test_tmpdir.rb @@ -56,4 +56,21 @@ class TestTmpdir < Test::Unit::TestCase assert_kind_of(String, d) } end + + TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' + TRAVERSAL_PATH.delete!(':') if /mswin|mingw/ =~ RUBY_PLATFORM + + def test_mktmpdir_traversal + expect = Dir.glob(TRAVERSAL_PATH + '*').count + Dir.mktmpdir(TRAVERSAL_PATH + 'foo') + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + end + + def test_mktmpdir_traversal_array + expect = Dir.glob(TRAVERSAL_PATH + '*').count + Dir.mktmpdir([TRAVERSAL_PATH, 'foo']) + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + end end diff --git a/test/webrick/test_filehandler.rb b/test/webrick/test_filehandler.rb index 663b237..5b17e77 100644 --- a/test/webrick/test_filehandler.rb +++ b/test/webrick/test_filehandler.rb @@ -15,16 +15,10 @@ class WEBrick::TestFileHandler < Test::Unit::TestCase end def get_res_body(res) - body = res.body - if defined? body.read - begin - body.read - ensure - body.close - end - else - body - end + sio = StringIO.new + sio.binmode + res.send_body(sio) + sio.string end def make_range_request(range_spec) @@ -76,6 +70,23 @@ class WEBrick::TestFileHandler < Test::Unit::TestCase res = make_range_response(filename, "bytes=0-0, -2") assert_match(%r{^multipart/byteranges}, res["content-type"]) + body = get_res_body(res) + boundary = /; boundary=(.+)/.match(res['content-type'])[1] + off = filesize - 2 + last = filesize - 1 + + exp = "--#{boundary}\r\n" \ + "Content-Type: text/plain\r\n" \ + "Content-Range: bytes 0-0/#{filesize}\r\n" \ + "\r\n" \ + "#{IO.read(__FILE__, 1)}\r\n" \ + "--#{boundary}\r\n" \ + "Content-Type: text/plain\r\n" \ + "Content-Range: bytes #{off}-#{last}/#{filesize}\r\n" \ + "\r\n" \ + "#{IO.read(__FILE__, 2, off)}\r\n" \ + "--#{boundary}--\r\n" + assert_equal exp, body end def test_filehandler diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb index 4376b91..b6376b5 100644 --- a/test/webrick/test_httpauth.rb +++ b/test/webrick/test_httpauth.rb @@ -4,6 +4,7 @@ require "net/http" require "tempfile" require "webrick" require "webrick/httpauth/basicauth" +require "stringio" require_relative "utils" class TestWEBrickHTTPAuth < Test::Unit::TestCase @@ -98,6 +99,42 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase } end + def test_bad_username_with_control_characters + log_tester = lambda {|log, access_log| + assert_equal(2, log.length) + assert_match(/ERROR Basic WEBrick's realm: foo\\ebar: the user is not allowed./, log[0]) + assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, log[1]) + } + TestWEBrick.start_httpserver({}, log_tester) {|server, addr, port, log| + realm = "WEBrick's realm" + path = "/basic_auth" + + Tempfile.create("test_webrick_auth") {|tmpfile| + tmpfile.close + tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") + tmp_pass.set_passwd(realm, "foo", "supersecretpassword") + tmp_pass.flush + + htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + users = [] + htpasswd.each{|user, pass| users << user } + server.mount_proc(path){|req, res| + auth = WEBrick::HTTPAuth::BasicAuth.new( + :Realm => realm, :UserDB => htpasswd, + :Logger => server.logger + ) + auth.authenticate(req, res) + res.body = "hoge" + } + http = Net::HTTP.new(addr, port) + g = Net::HTTP::Get.new(path) + g.basic_auth("foo\ebar", "passwd") + http.request(g){|res| assert_not_equal("hoge", res.body, log.call) } + } + } + end + DIGESTRES_ = / ([a-zA-Z\-]+) [ \t]*(?:\r\n[ \t]*)* @@ -175,12 +212,97 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase } end + def test_digest_auth_int + log_tester = lambda {|log, access_log| + log.reject! {|line| /\A\s*\z/ =~ line } + pats = [ + /ERROR Digest wb auth-int realm: no credentials in the request\./, + /ERROR WEBrick::HTTPStatus::Unauthorized/, + /ERROR Digest wb auth-int realm: foo: digest unmatch\./ + ] + pats.each {|pat| + assert(!log.grep(pat).empty?, "webrick log doesn't have expected error: #{pat.inspect}") + log.reject! {|line| pat =~ line } + } + assert_equal([], log) + } + TestWEBrick.start_httpserver({}, log_tester) {|server, addr, port, log| + realm = "wb auth-int realm" + path = "/digest_auth_int" + + Tempfile.create("test_webrick_auth_int") {|tmpfile| + tmpfile.close + tmp_pass = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path) + tmp_pass.set_passwd(realm, "foo", "Hunter2") + tmp_pass.flush + + htdigest = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path) + users = [] + htdigest.each{|user, pass| users << user } + assert_equal %w(foo), users + + auth = WEBrick::HTTPAuth::DigestAuth.new( + :Realm => realm, :UserDB => htdigest, + :Algorithm => 'MD5', + :Logger => server.logger, + :Qop => %w(auth-int), + ) + server.mount_proc(path){|req, res| + auth.authenticate(req, res) + res.body = "bbb" + } + Net::HTTP.start(addr, port) do |http| + post = Net::HTTP::Post.new(path) + params = {} + data = 'hello=world' + body = StringIO.new(data) + post.content_length = data.bytesize + post['Content-Type'] = 'application/x-www-form-urlencoded' + post.body_stream = body + + http.request(post) do |res| + assert_equal('401', res.code, log.call) + res["www-authenticate"].scan(DIGESTRES_) do |key, quoted, token| + params[key.downcase] = token || quoted.delete('\\') + end + params['uri'] = "http://#{addr}:#{port}#{path}" + end + + body.rewind + cred = credentials_for_request('foo', 'Hunter3', params, body) + post['Authorization'] = cred + post.body_stream = body + http.request(post){|res| + assert_equal('401', res.code, log.call) + assert_not_equal("bbb", res.body, log.call) + } + + body.rewind + cred = credentials_for_request('foo', 'Hunter2', params, body) + post['Authorization'] = cred + post.body_stream = body + http.request(post){|res| assert_equal("bbb", res.body, log.call)} + end + } + } + end + private - def credentials_for_request(user, password, params) + def credentials_for_request(user, password, params, body = nil) cnonce = "hoge" nonce_count = 1 ha1 = "#{user}:#{params['realm']}:#{password}" - ha2 = "GET:#{params['uri']}" + if body + dig = Digest::MD5.new + while buf = body.read(16384) + dig.update(buf) + end + body.rewind + ha2 = "POST:#{params['uri']}:#{dig.hexdigest}" + else + ha2 = "GET:#{params['uri']}" + end + request_digest = "#{Digest::MD5.hexdigest(ha1)}:" \ "#{params['nonce']}:#{'%08x' % nonce_count}:#{cnonce}:#{params['qop']}:" \ diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb index b3f06cd..6263e0a 100644 --- a/test/webrick/test_httpresponse.rb +++ b/test/webrick/test_httpresponse.rb @@ -2,6 +2,7 @@ require "webrick" require "minitest/autorun" require "stringio" +require "net/http" module WEBrick class TestHTTPResponse < MiniTest::Unit::TestCase @@ -28,6 +29,27 @@ module WEBrick @res.keep_alive = true end + def test_prevent_response_splitting_headers + res['X-header'] = "malicious\r\nCookie: hack" + io = StringIO.new + res.send_response io + io.rewind + res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) + assert_equal '500', res.code + refute_match 'hack', io.string + end + + def test_prevent_response_splitting_cookie_headers + user_input = "malicious\r\nCookie: hack" + res.cookies << WEBrick::Cookie.new('author', user_input) + io = StringIO.new + res.send_response io + io.rewind + res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) + assert_equal '500', res.code + refute_match 'hack', io.string + end + def test_304_does_not_log_warning res.status = 304 res.setup_header @@ -146,5 +168,38 @@ module WEBrick } assert_equal 0, logger.messages.length end + + def test_send_body_proc + @res.body = Proc.new { |out| out.write('hello') } + IO.pipe do |r, w| + @res.send_body(w) + w.close + r.binmode + assert_equal 'hello', r.read + end + assert_equal 0, logger.messages.length + end + + def test_send_body_proc_chunked + @res.body = Proc.new { |out| out.write('hello') } + @res.chunked = true + IO.pipe do |r, w| + @res.send_body(w) + w.close + r.binmode + assert_equal "5\r\nhello\r\n0\r\n\r\n", r.read + end + assert_equal 0, logger.messages.length + end + + def test_set_error + status = 400 + message = 'missing attribute' + @res.status = status + error = WEBrick::HTTPStatus[status].new(message) + body = @res.set_error(error) + assert_match(/#{@res.reason_phrase}/, body) + assert_match(/#{message}/, body) + end end end diff --git a/test/webrick/test_httpserver.rb b/test/webrick/test_httpserver.rb index 5adf617..fb6d369 100644 --- a/test/webrick/test_httpserver.rb +++ b/test/webrick/test_httpserver.rb @@ -410,4 +410,96 @@ class TestWEBrickHTTPServer < Test::Unit::TestCase } assert_equal(0, requested, "Server responded to #{requested} requests after shutdown") end + + def test_cntrl_in_path + log_ary = [] + access_log_ary = [] + config = { + :Port => 0, + :BindAddress => '127.0.0.1', + :Logger => WEBrick::Log.new(log_ary, WEBrick::BasicLog::WARN), + :AccessLog => [[access_log_ary, '']], + } + s = WEBrick::HTTPServer.new(config) + s.mount('/foo', WEBrick::HTTPServlet::FileHandler, __FILE__) + th = Thread.new { s.start } + addr = s.listeners[0].addr + + http = Net::HTTP.new(addr[3], addr[1]) + req = Net::HTTP::Get.new('/notexist%0a/foo') + http.request(req) { |res| assert_equal('404', res.code) } + exp = %Q(ERROR `/notexist\\n/foo' not found.\n) + assert_equal 1, log_ary.size + assert log_ary[0].include?(exp) + ensure + s&.shutdown + th&.join + end + + def test_gigantic_request_header + log_tester = lambda {|log, access_log| + assert_equal 1, log.size + assert log[0].include?('ERROR headers too large') + } + TestWEBrick.start_httpserver({}, log_tester){|server, addr, port, log| + server.mount('/', WEBrick::HTTPServlet::FileHandler, __FILE__) + TCPSocket.open(addr, port) do |c| + c.write("GET / HTTP/1.0\r\n") + junk = -"X-Junk: #{' ' * 1024}\r\n" + assert_raise(Errno::ECONNRESET, Errno::EPIPE) do + loop { c.write(junk) } + end + end + } + end + + def test_eof_in_chunk + log_tester = lambda do |log, access_log| + assert_equal 1, log.size + assert log[0].include?('ERROR bad chunk data size') + end + TestWEBrick.start_httpserver({}, log_tester){|server, addr, port, log| + server.mount_proc('/', ->(req, res) { res.body = req.body }) + TCPSocket.open(addr, port) do |c| + c.write("POST / HTTP/1.1\r\nHost: example.com\r\n" \ + "Transfer-Encoding: chunked\r\n\r\n5\r\na") + c.shutdown(Socket::SHUT_WR) # trigger EOF in server + res = c.read + assert_match %r{\AHTTP/1\.1 400 }, res + end + } + end + + def test_big_chunks + nr_out = 3 + buf = 'big' # 3 bytes is bigger than 2! + config = { :InputBufferSize => 2 }.freeze + total = 0 + all = '' + TestWEBrick.start_httpserver(config){|server, addr, port, log| + server.mount_proc('/', ->(req, res) { + err = [] + ret = req.body do |chunk| + n = chunk.bytesize + n > config[:InputBufferSize] and err << "#{n} > :InputBufferSize" + total += n + all << chunk + end + ret.nil? or err << 'req.body should return nil' + (buf * nr_out) == all or err << 'input body does not match expected' + res.header['connection'] = 'close' + res.body = err.join("\n") + }) + TCPSocket.open(addr, port) do |c| + c.write("POST / HTTP/1.1\r\nHost: example.com\r\n" \ + "Transfer-Encoding: chunked\r\n\r\n") + chunk = "#{buf.bytesize.to_s(16)}\r\n#{buf}\r\n" + nr_out.times { c.write(chunk) } + c.write("0\r\n\r\n") + head, body = c.read.split("\r\n\r\n") + assert_match %r{\AHTTP/1\.1 200 OK}, head + assert_nil body + end + } + end end diff --git a/thread_pthread.c b/thread_pthread.c index 4aa2d62..023e96e 100644 --- a/thread_pthread.c +++ b/thread_pthread.c @@ -1313,17 +1313,21 @@ void rb_thread_wakeup_timer_thread(void) { /* must be safe inside sighandler, so no mutex */ - ATOMIC_INC(timer_thread_pipe.writing); - rb_thread_wakeup_timer_thread_fd(&timer_thread_pipe.normal[1]); - ATOMIC_DEC(timer_thread_pipe.writing); + if (timer_thread_pipe.owner_process == getpid()) { + ATOMIC_INC(timer_thread_pipe.writing); + rb_thread_wakeup_timer_thread_fd(&timer_thread_pipe.normal[1]); + ATOMIC_DEC(timer_thread_pipe.writing); + } } static void rb_thread_wakeup_timer_thread_low(void) { - ATOMIC_INC(timer_thread_pipe.writing); - rb_thread_wakeup_timer_thread_fd(&timer_thread_pipe.low[1]); - ATOMIC_DEC(timer_thread_pipe.writing); + if (timer_thread_pipe.owner_process == getpid()) { + ATOMIC_INC(timer_thread_pipe.writing); + rb_thread_wakeup_timer_thread_fd(&timer_thread_pipe.low[1]); + ATOMIC_DEC(timer_thread_pipe.writing); + } } /* VM-dependent API is not available for this function */ -- 2.30.2