
From: Markus Koschany <apo@debian.org>
Date: Sun, 29 Apr 2018 21:34:44 +0200
Subject: CVE-2018-1000075

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778
Origin: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
---
 lib/ruby/shared/rubygems/package/tar_header.rb     | 23 +++++++++++++---------
 .../rubygems/test_gem_package_tar_header.rb        | 20 +++++++++++++++++++
 2 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/lib/ruby/shared/rubygems/package/tar_header.rb b/lib/ruby/shared/rubygems/package/tar_header.rb
index f9ab13a..9b457ec 100644
--- a/lib/ruby/shared/rubygems/package/tar_header.rb
+++ b/lib/ruby/shared/rubygems/package/tar_header.rb
@@ -103,25 +103,30 @@ class Gem::Package::TarHeader
     fields = header.unpack UNPACK_FORMAT
 
     new :name     => fields.shift,
-        :mode     => fields.shift.oct,
-        :uid      => fields.shift.oct,
-        :gid      => fields.shift.oct,
-        :size     => fields.shift.oct,
-        :mtime    => fields.shift.oct,
-        :checksum => fields.shift.oct,
+        :mode     => strict_oct(fields.shift),
+        :uid      => strict_oct(fields.shift),
+        :gid      => strict_oct(fields.shift),
+        :size     => strict_oct(fields.shift),
+        :mtime    => strict_oct(fields.shift),
+        :checksum => strict_oct(fields.shift),
         :typeflag => fields.shift,
         :linkname => fields.shift,
         :magic    => fields.shift,
-        :version  => fields.shift.oct,
+        :version  => strict_oct(fields.shift),
         :uname    => fields.shift,
         :gname    => fields.shift,
-        :devmajor => fields.shift.oct,
-        :devminor => fields.shift.oct,
+        :devmajor => strict_oct(fields.shift),
+        :devminor => strict_oct(fields.shift),
         :prefix   => fields.shift,
 
         :empty => empty
   end
 
+  def self.strict_oct(str)
+    return str.oct if str =~ /\A[0-7]*\z/
+    raise ArgumentError, "#{str.inspect} is not an octal string"
+  end
+
   ##
   # Creates a new TarHeader using +vals+
 
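Review bot: `strict_oct` at the end of the hunk carries no RDoc comment although the surrounding definitions in this file use `##` blocks; suggest `## Converts +str+, a tar octal field, to an Integer; raises ArgumentError when it contains anything but the digits 0-7. An empty field (a fully padded devmajor/devminor, if UNPACK_FORMAT strips the NUL/space padding as the round-trip test suggests) is accepted and yields 0.` The `*` quantifier in `/\A[0-7]*\z/` is what makes that empty case pass, so the comment should say it is deliberate before someone tightens it to `+` and rejects ordinary archives. The ArgumentError now escapes `from` (whose signature is above the hunk) to whatever drives the archive read; if those callers report corrupt gems through the package's own error types, a hostile or damaged header will surface as a bare ArgumentError rather than an "invalid tar" message, which is worth checking against the callers.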
diff --git a/test/externals/ruby1.9/rubygems/test_gem_package_tar_header.rb b/test/externals/ruby1.9/rubygems/test_gem_package_tar_header.rb
index 5d85543..0ddb440 100644
--- a/test/externals/ruby1.9/rubygems/test_gem_package_tar_header.rb
+++ b/test/externals/ruby1.9/rubygems/test_gem_package_tar_header.rb
@@ -126,5 +126,25 @@ group\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
     assert_equal '012467', @tar_header.checksum
   end
 
+  def test_from_bad_octal
+    test_cases = [
+      "00000006,44\000", # bogus character
+      "00000006789\000", # non-octal digit
+      "+0000001234\000", # positive sign
+      "-0000001000\000", # negative sign
+      "0x000123abc\000", # radix prefix
+    ]
+
+    test_cases.each do |val|
+      header_s = @tar_header.to_s
+      # overwrite the size field
+      header_s[124, 12] = val
+      io = TempIO.new header_s
+      assert_raises ArgumentError do
+        new_header = Gem::Package::TarHeader.from io
+      end
+    end
+  end
+
 end
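Review bot: `new_header` in the `assert_raises` block is assigned but never read, which RuboCop reports as Lint/UselessAssignment; the block only needs the call itself, `Gem::Package::TarHeader.from io`. Rebuilding `header_s` from `@tar_header.to_s` inside the loop is correct because `[]=` mutates the string in place, but a one-line comment such as `# fresh copy each time: []= below mutates it` would stop a later reader from hoisting it out of the loop. The cases cover signs, a radix prefix and non-octal digits; an embedded space (`"0000 0000644\000"`, a constructed value) and an all-NUL field, which should parse to 0 rather than raise under the `[0-7]*` regex, would pin both edges of the new check.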