
From: Markus Koschany <apo@debian.org>
Date: Sun, 29 Apr 2018 21:56:44 +0200
Subject: CVE-2018-1000079

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778
Origin: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
Origin: https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759
---
 lib/ruby/shared/rubygems/package.rb | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/lib/ruby/shared/rubygems/package.rb b/lib/ruby/shared/rubygems/package.rb
index 42b753c..8e5c295 100644
--- a/lib/ruby/shared/rubygems/package.rb
+++ b/lib/ruby/shared/rubygems/package.rb
@@ -364,7 +364,7 @@ EOM
             File.dirname destination
           end
 
-        FileUtils.mkdir_p mkdir, mkdir_options
+        mkdir_p_safe mkdir, mkdir_options, destination_dir, entry.full_name
 
         open destination, 'wb' do |out|
           out.write entry.read
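Review bot: `open destination, 'wb'` two lines below the new mkdir_p_safe call still writes through whatever already exists at `destination`, and the second hunk removes the `File.realpath destination` step from install_location, so an existing symlink at the final path component is no longer resolved before the containment check; the method enclosing this hunk starts and ends outside it. If realpath on the destination was dropped because it raises for a file that does not exist yet, a narrower guard keeps the protection without that problem: `raise Gem::Package::PathError.new(destination, destination_dir) if File.symlink? destination` just before the open, mirroring the lstat-based refusal mkdir_p_safe applies to directories. Whether the upstream commits named in the Origin headers already cover this case is worth confirming before this patch is taken as complete.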
@@ -400,22 +400,35 @@ EOM
     raise Gem::Package::PathError.new(filename, destination_dir) if
       filename.start_with? '/'
 
-    destination_dir = File.realpath destination_dir if
-      File.respond_to? :realpath
+    destination_dir = realpath destination_dir
     destination_dir = File.expand_path destination_dir
 
     destination = File.join destination_dir, filename
-    destination = File.realpath destination if
-      File.respond_to? :realpath
     destination = File.expand_path destination
 
     raise Gem::Package::PathError.new(destination, destination_dir) unless
-      destination.start_with? destination_dir
+      destination.start_with? destination_dir + '/'
 
     destination.untaint
     destination
   end
 
+  def mkdir_p_safe mkdir, mkdir_options, destination_dir, file_name
+    destination_dir = realpath File.expand_path(destination_dir)
+    parts = mkdir.split(File::SEPARATOR)
+    parts.reduce do |path, basename|
+      path = realpath path  unless path == ""
+      path = File.expand_path(path + File::SEPARATOR + basename)
+      lstat = File.lstat path rescue nil
+      if !lstat || !lstat.directory?
+        unless path.start_with? destination_dir and (FileUtils.mkdir path, mkdir_options rescue false)
+          raise Gem::Package::PathError.new(file_name, destination_dir)
+        end
+      end
+      path
+    end
+  end
+
   ##
   # Loads a Gem::Specification from the TarEntry +entry+
 
@@ -606,6 +619,16 @@ EOM
     raise Gem::Package::FormatError.new(e.message, entry.full_name)
   end
 
+  if File.respond_to? :realpath
+    def realpath file
+      File.realpath file
+    end
+  else
+    def realpath file
+      file
+    end
+  end
+
 end
 
 require 'rubygems/package/digest_io'
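Review bot: The fallback `realpath` that returns `file` unchanged silently disables the symlink resolution that mkdir_p_safe and install_location rely on, and nothing in the hunk records that degraded mode. A comment on the `else` branch such as `# No File.realpath: symlinks are not resolved, so the containment checks in install_location and mkdir_p_safe see only the lexical path` would make it visible to the next reader. If `File.respond_to? :realpath` is always true on the interpreter this package ships with, the branch is dead and saying so in the comment is preferable to keeping a code path with weaker guarantees. The visibility of the new helpers is not shown in the diff; if `realpath` and `mkdir_p_safe` are meant to be internal, `private :realpath, :mkdir_p_safe` after the definitions keeps them off the public surface of Gem::Package.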