strftime.c: limit result size
* strftime.c (rb_strftime_with_timespec): limit the result string size by the format length, to get rid of unlimited memory use. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parent
0a97832e6a
commit
0c22cfd0ce
@ -1,3 +1,8 @@
|
|||||||
|
Tue Jun 14 22:22:07 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||||
|
|
||||||
|
* strftime.c (rb_strftime_with_timespec): limit the result string
|
||||||
|
size by the format length, to get rid of unlimited memory use.
|
||||||
|
|
||||||
Tue Jun 14 22:11:11 2016 Kazuki Yamaguchi <k@rhe.jp>
|
Tue Jun 14 22:11:11 2016 Kazuki Yamaguchi <k@rhe.jp>
|
||||||
|
|
||||||
* ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash,
|
* ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash,
|
||||||
|
56
strftime.c
56
strftime.c
@ -162,10 +162,14 @@ enum {LEFT, CHCASE, LOWER, UPPER};
|
|||||||
|
|
||||||
static char *
|
static char *
|
||||||
resize_buffer(VALUE ftime, char *s, const char **start, const char **endp,
|
resize_buffer(VALUE ftime, char *s, const char **start, const char **endp,
|
||||||
ptrdiff_t n)
|
ptrdiff_t n, size_t maxsize)
|
||||||
{
|
{
|
||||||
size_t len = s - *start;
|
size_t len = s - *start;
|
||||||
size_t nlen = len + n * 2;
|
size_t nlen = len + n * 2;
|
||||||
|
|
||||||
|
if (nlen < len || nlen > maxsize) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
rb_str_set_len(ftime, len);
|
rb_str_set_len(ftime, len);
|
||||||
rb_str_modify_expand(ftime, nlen-len);
|
rb_str_modify_expand(ftime, nlen-len);
|
||||||
s = RSTRING_PTR(ftime);
|
s = RSTRING_PTR(ftime);
|
||||||
@ -174,6 +178,18 @@ resize_buffer(VALUE ftime, char *s, const char **start, const char **endp,
|
|||||||
return s += len;
|
return s += len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
buffer_size_check(const char *s,
|
||||||
|
const char *format_end, size_t format_len,
|
||||||
|
rb_encoding *enc)
|
||||||
|
{
|
||||||
|
if (!s) {
|
||||||
|
const char *format = format_end-format_len;
|
||||||
|
VALUE fmt = rb_enc_str_new(format, format_len, enc);
|
||||||
|
rb_syserr_fail_str(ERANGE, fmt);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static char *
|
static char *
|
||||||
case_conv(char *s, ptrdiff_t i, int flags)
|
case_conv(char *s, ptrdiff_t i, int flags)
|
||||||
{
|
{
|
||||||
@ -211,7 +227,7 @@ format_value(VALUE val, int base)
|
|||||||
static VALUE
|
static VALUE
|
||||||
rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
|
rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
|
||||||
rb_encoding *enc, const struct vtm *vtm, VALUE timev,
|
rb_encoding *enc, const struct vtm *vtm, VALUE timev,
|
||||||
struct timespec *ts, int gmt)
|
struct timespec *ts, int gmt, size_t maxsize)
|
||||||
{
|
{
|
||||||
size_t len = RSTRING_LEN(ftime);
|
size_t len = RSTRING_LEN(ftime);
|
||||||
char *s = RSTRING_PTR(ftime);
|
char *s = RSTRING_PTR(ftime);
|
||||||
@ -262,8 +278,10 @@ rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
|
|||||||
goto unknown; \
|
goto unknown; \
|
||||||
} while (0)
|
} while (0)
|
||||||
#define NEEDS(n) do { \
|
#define NEEDS(n) do { \
|
||||||
if (s >= endp || (n) >= endp - s - 1) \
|
if (s >= endp || (n) >= endp - s - 1) { \
|
||||||
s = resize_buffer(ftime, s, &start, &endp, (n)); \
|
s = resize_buffer(ftime, s, &start, &endp, (n), maxsize); \
|
||||||
|
buffer_size_check(s, format_end, format_len, enc); \
|
||||||
|
} \
|
||||||
} while (0)
|
} while (0)
|
||||||
#define FILL_PADDING(i) do { \
|
#define FILL_PADDING(i) do { \
|
||||||
if (!(flags & BIT_OF(LEFT)) && precision > (i)) { \
|
if (!(flags & BIT_OF(LEFT)) && precision > (i)) { \
|
||||||
@ -298,7 +316,8 @@ rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
|
|||||||
do { \
|
do { \
|
||||||
len = s - start; \
|
len = s - start; \
|
||||||
rb_str_set_len(ftime, len); \
|
rb_str_set_len(ftime, len); \
|
||||||
if (!rb_strftime_with_timespec(ftime, (fmt), rb_strlen_lit(fmt), enc, vtm, timev, ts, gmt)) \
|
if (!rb_strftime_with_timespec(ftime, (fmt), rb_strlen_lit(fmt), \
|
||||||
|
enc, vtm, timev, ts, gmt, maxsize)) \
|
||||||
return 0; \
|
return 0; \
|
||||||
s = RSTRING_PTR(ftime); \
|
s = RSTRING_PTR(ftime); \
|
||||||
i = RSTRING_LEN(ftime) - len; \
|
i = RSTRING_LEN(ftime) - len; \
|
||||||
@ -881,13 +900,23 @@ rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
|
|||||||
return ftime;
|
return ftime;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static size_t
|
||||||
|
strftime_size_limit(size_t format_len)
|
||||||
|
{
|
||||||
|
size_t limit = format_len * (1*1024*1024);
|
||||||
|
if (limit < format_len) limit = format_len;
|
||||||
|
else if (limit < 1024) limit = 1024;
|
||||||
|
return limit;
|
||||||
|
}
|
||||||
|
|
||||||
VALUE
|
VALUE
|
||||||
rb_strftime(const char *format, size_t format_len,
|
rb_strftime(const char *format, size_t format_len,
|
||||||
rb_encoding *enc, const struct vtm *vtm, VALUE timev, int gmt)
|
rb_encoding *enc, const struct vtm *vtm, VALUE timev, int gmt)
|
||||||
{
|
{
|
||||||
VALUE result = rb_enc_str_new(0, 0, enc);
|
VALUE result = rb_enc_str_new(0, 0, enc);
|
||||||
return rb_strftime_with_timespec(result, format, format_len, enc,
|
return rb_strftime_with_timespec(result, format, format_len, enc,
|
||||||
vtm, timev, NULL, gmt);
|
vtm, timev, NULL, gmt,
|
||||||
|
strftime_size_limit(format_len));
|
||||||
}
|
}
|
||||||
|
|
||||||
VALUE
|
VALUE
|
||||||
@ -896,9 +925,22 @@ rb_strftime_timespec(const char *format, size_t format_len,
|
|||||||
{
|
{
|
||||||
VALUE result = rb_enc_str_new(0, 0, enc);
|
VALUE result = rb_enc_str_new(0, 0, enc);
|
||||||
return rb_strftime_with_timespec(result, format, format_len, enc,
|
return rb_strftime_with_timespec(result, format, format_len, enc,
|
||||||
vtm, Qnil, ts, gmt);
|
vtm, Qnil, ts, gmt,
|
||||||
|
strftime_size_limit(format_len));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
VALUE
|
||||||
|
rb_strftime_limit(const char *format, size_t format_len,
|
||||||
|
rb_encoding *enc, const struct vtm *vtm, struct timespec *ts,
|
||||||
|
int gmt, size_t maxsize)
|
||||||
|
{
|
||||||
|
VALUE result = rb_enc_str_new(0, 0, enc);
|
||||||
|
return rb_strftime_with_timespec(result, format, format_len, enc,
|
||||||
|
vtm, Qnil, ts, gmt, maxsize);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* isleap --- is a year a leap year? */
|
/* isleap --- is a year a leap year? */
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
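Review bot: In `strftime_size_limit`, the wraparound test `limit < format_len` does not reliably detect overflow of `format_len * (1*1024*1024)`, because a wrapped product can still be greater than or equal to `format_len`. Where `size_t` is 32 bits, a 4097-byte format yields a 1 MiB cap while a 4096-byte format wraps to 0 and is capped at its own length, so the limit is non-monotonic and an ordinary format can fail with ERANGE. Testing before the multiplication avoids this, e.g. `if (format_len > SIZE_MAX / (1024*1024)) return SIZE_MAX;` (assuming `SIZE_MAX` is available in this file). Separately, in `resize_buffer` the expression `n * 2` is evaluated in `ptrdiff_t` before the new `nlen < len` check, so a very large `n` would overflow in signed arithmetic first; whether callers bound `n` is not visible in these hunks.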