[DRE-commits] [ruby-ox] 02/04: fix_parse_obj_segfault.patch: fix segmentation fault in parse_obj method
Cédric Boutillier
boutil at moszumanska.debian.org
Sun Nov 26 23:17:03 UTC 2017
This is an automated email from the git hooks/post-receive script.
boutil pushed a commit to branch jessie/master
in repository ruby-ox.
commit da480f13e8f7d74b3f41b8c5b3b4df5c3056b7fc
Author: Cédric Boutillier <boutil at debian.org>
Date: Sun Nov 26 01:16:36 2017 +0100
fix_parse_obj_segfault.patch: fix segmentation fault in parse_obj method
---
debian/patches/fix_parse_obj_segfault.patch | 51 +++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 52 insertions(+)
diff --git a/debian/patches/fix_parse_obj_segfault.patch b/debian/patches/fix_parse_obj_segfault.patch
new file mode 100644
index 0000000..81a1fd2
--- /dev/null
+++ b/debian/patches/fix_parse_obj_segfault.patch
@@ -0,0 +1,51 @@
+Description: Avoid crash with invalid XML passed to Oj.parse_obj()
+ this fixes CVE-2017-15928
+Author: Peter Ohler <peter at ohler.com>
+Origin: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8.patch
+Bug: https://github.com/ohler55/ox/issues/194
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445
+Last-Update: 2017-11-25
+
+--- a/ext/ox/obj_load.c
++++ b/ext/ox/obj_load.c
+@@ -791,8 +791,10 @@
+ Helper gh;
+
+ helper_stack_pop(&pi->helpers);
+- gh = helper_stack_peek(&pi->helpers);
+-
++ if (NULL == (gh = helper_stack_peek(&pi->helpers))) {
++ set_error(&pi->err, "Corrupt parse stack, container is wrong type", pi->str, pi->s);
++ return;
++ }
+ rb_hash_aset(gh->obj, ph->obj, h->obj);
+ }
+ break;
+--- a/ext/ox/err.c
++++ b/ext/ox/err.c
+@@ -42,7 +42,11 @@
+ va_end(ap);
+ }
+
++#if __GNUC__ > 4
++_Noreturn void
++#else
+ void
++#endif
+ ox_err_raise(Err e) {
+ rb_raise(e->clas, "%s", e->msg);
+ }
+--- a/ext/ox/ox.c
++++ b/ext/ox/ox.c
+@@ -990,7 +990,11 @@
+ #endif
+ }
+
++#if __GNUC__ > 4
++_Noreturn void
++#else
+ void
++#endif
+ _ox_raise_error(const char *msg, const char *xml, const char *current, const char* file, int line) {
+ int xline = 1;
+ int col = 1;
diff --git a/debian/patches/series b/debian/patches/series
index 2c95fe1..74d42fa 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
+fix_parse_obj_segfault.patch
000-fix-so-load-path.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-ox.git
More information about the Pkg-ruby-extras-commits
mailing list