authorSimon L. B. Nielsen <simon@FreeBSD.org>2004-11-25 15:25:33 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2004-11-25 15:25:33 +0000
commit23003b882528f3d38b8eb60fbb793a162f224695 (patch)
tree46d3f39f60372bf8b0ae40b291a4b5a24d1f2dc8
parent1aff41543ac94526950ecc8c2a53522b27db4e24 (diff)
Fix DoS in the Ruby CGI module.
Obtained from: ruby CVS Reviewed by: trhodes OK'ed by: maintainer silence With hat: secteam
-rw-r--r--lang/ruby16/Makefile1
-rw-r--r--lang/ruby16/files/patch-cgi.rb30
-rw-r--r--lang/ruby18/Makefile2
-rw-r--r--lang/ruby18/files/patch-cgi.rb27
4 files changed, 59 insertions, 1 deletions
diff --git a/lang/ruby16/Makefile b/lang/ruby16/Makefile
index faaa12e4c351..884e968e1b09 100644
--- a/lang/ruby16/Makefile
+++ b/lang/ruby16/Makefile
@@ -7,6 +7,7 @@
PORTNAME= ruby${RUBY_R}
PORTVERSION= ${RUBY_PORTVERSION}
+PORTREVISION= 1
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
MASTER_SITE_SUBDIR= ${MASTER_SITE_SUBDIR_RUBY}
diff --git a/lang/ruby16/files/patch-cgi.rb b/lang/ruby16/files/patch-cgi.rb
new file mode 100644
index 000000000000..d84b3c23e74a
--- /dev/null
+++ b/lang/ruby16/files/patch-cgi.rb
@@ -0,0 +1,30 @@
+--- lib/cgi.rb 2002/08/25 20:15:54 1.23.2.17
++++ lib/cgi.rb 2004/10/24 23:37:19 1.23.2.18
+@@ -182,7 +182,7 @@ class CGI
+ CR = "\015"
+ LF = "\012"
+ EOL = CR + LF
+- REVISION = '$Id: cgi.rb,v 1.23.2.17 2002/08/25 20:15:54 wakou Exp $'
++ REVISION = '$Id: cgi.rb,v 1.23.2.18 2004/10/24 23:37:19 matz Exp $'
+
+ NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM)
+ PATH_SEPARATOR = {'UNIX'=>'/', 'WINDOWS'=>'\\', 'MACINTOSH'=>':'}
+@@ -823,13 +823,15 @@ def read_multipart(boundary, content
+ end
+
+ c = if bufsize < content_length
+- stdinput.read(bufsize) or ''
++ stdinput.read(bufsize)
+ else
+- stdinput.read(content_length) or ''
++ stdinput.read(content_length)
+ end
++ if c.nil?
++ raise EOFError, "bad content body"
++ end
+ buf += c
+ content_length -= c.size
+-
+ end
+
+ buf = buf.sub(/\A((?:.|\n)*?)(?:#{EOL})?#{boundary}(#{EOL}|--)/n) do
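Review bot: The new `if c.nil?` guard in read_multipart rejects only a nil read, so an empty-string read still reaches `buf += c` and `content_length -= c.size` without making any progress. IO#read returns "" rather than nil when asked for zero bytes, which is the request made once `content_length` has been counted down to 0. The loop header is outside the hunk, so this is inferred: if the loop ends on finding the boundary rather than on the byte count, a body that never contains the boundary could presumably still keep it spinning. Widening the check to `if c.nil? or c.empty?` covers that case, and the same applies to the identical hunk in lang/ruby18/files/patch-cgi.rb.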
diff --git a/lang/ruby18/Makefile b/lang/ruby18/Makefile
index e1558869f663..e574bcfbde30 100644
--- a/lang/ruby18/Makefile
+++ b/lang/ruby18/Makefile
@@ -7,7 +7,7 @@
PORTNAME= ruby${RUBY_R}
PORTVERSION= ${RUBY_PORTVERSION}
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= lang ruby ipv6
MASTER_SITES= ${MASTER_SITE_RUBY}
MASTER_SITE_SUBDIR= ${MASTER_SITE_SUBDIR_RUBY}
diff --git a/lang/ruby18/files/patch-cgi.rb b/lang/ruby18/files/patch-cgi.rb
new file mode 100644
index 000000000000..b12660ce0baa
--- /dev/null
+++ b/lang/ruby18/files/patch-cgi.rb
@@ -0,0 +1,27 @@
+--- lib/cgi.rb 2004/07/28 13:26:01 1.68.2.6
++++ lib/cgi.rb 2004/10/27 02:46:50 1.68.2.7
+@@ -284,7 +284,7 @@ class CGI
+ # Standard internet newline sequence
+ EOL = CR + LF
+
+- REVISION = '$Id: cgi.rb,v 1.68.2.6 2004/07/28 13:26:01 matz Exp $' #:nodoc:
++ REVISION = '$Id: cgi.rb,v 1.68.2.7 2004/10/27 02:46:50 matz Exp $' #:nodoc:
+
+ NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM)
+
+@@ -1012,10 +1012,13 @@ def read_multipart(boundary, content
+ end
+
+ c = if bufsize < content_length
+- stdinput.read(bufsize) or ''
++ stdinput.read(bufsize)
+ else
+- stdinput.read(content_length) or ''
++ stdinput.read(content_length)
+ end
++ if c.nil?
++ raise EOFError, "bad content body"
++ end
+ buf.concat(c)
+ content_length -= c.size
+ end
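Review bot: The `raise EOFError, "bad content body"` added to read_multipart is a new failure mode for callers, and nothing in the hunk documents it. A comment above the check, such as `# nil read: input ended before content_length bytes arrived; fail instead of looping`, would record why the `or ''` fallback was dropped. Long-running hosts that build CGI objects per request may need to rescue EOFError so one truncated upload does not take down the worker; whether any such caller exists cannot be seen from here. The method body starts and ends outside the hunk.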