1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

win32/file.c: fix no user exception

Browse Source 
* win32/file.c (append_wstr): set expanded length, not length of
  appended string.  fix "probable buffer overflow" bug.
  [ruby-core:65317] [Bug #10304]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47738 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2014-09-29 13:54:50 +00:00
parent ef08f00541
commit edae1c7200
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,4 +1,8 @@
Mon Sep 29 22:54:39 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> Mon Sep 29 22:54:51 2014 Nobuyoshi Nakada <nobu@ruby-lang.org>
* win32/file.c (append_wstr): set expanded length, not length of
appended string. fix "probable buffer overflow" bug.
[ruby-core:65317] [Bug #10304]
* string.c (str_make_independent_expand): drop NOFREE flag after * string.c (str_make_independent_expand): drop NOFREE flag after
reallocation, static buffer is not pointed anymore. reallocation, static buffer is not pointed anymore.

16
win32/file.c
View File

@ -272,14 +272,14 @@ replace_to_long_name(wchar_t **wfullpath, size_t size, int heap)
} }
static inline size_t static inline size_t
user_length_in_path(const wchar_t *wuser) user_length_in_path(const wchar_t *wuser, size_t len)
{ {
const wchar_t *pos = wuser; size_t i;
while (!IS_DIR_SEPARATOR_P(*pos) && *pos != '\0') for (i = 0; i < len && !IS_DIR_SEPARATOR_P(wuser[i]); i++)
pos++; ;
return pos - wuser; return i;
} }
static VALUE static VALUE
@ -293,7 +293,7 @@ append_wstr(VALUE dst, const wchar_t *ws, size_t len, UINT cp, UINT path_cp, rb_
rb_str_modify_expand(dst, nlen); rb_str_modify_expand(dst, nlen);
WideCharToMultiByte(cp, 0, ws, len, RSTRING_PTR(dst) + olen, nlen, NULL, NULL); WideCharToMultiByte(cp, 0, ws, len, RSTRING_PTR(dst) + olen, nlen, NULL, NULL);
rb_enc_associate(dst, path_encoding); rb_enc_associate(dst, path_encoding);
rb_str_set_len(dst, nlen); rb_str_set_len(dst, olen + nlen);
} }
else { else {
const int replaceflags = ECONV_UNDEF_REPLACE|ECONV_INVALID_REPLACE; const int replaceflags = ECONV_UNDEF_REPLACE|ECONV_INVALID_REPLACE;
@ -402,7 +402,7 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na
} }
else if (abs_mode == 0 && wpath_len >= 2 && wpath_pos[0] == L'~') { else if (abs_mode == 0 && wpath_len >= 2 && wpath_pos[0] == L'~') {
result = rb_str_new_cstr("can't find user "); result = rb_str_new_cstr("can't find user ");
result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1), result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1, wpath_len - 1),
cp, path_cp, path_encoding); cp, path_cp, path_encoding);
if (wpath) if (wpath)
@ -478,7 +478,7 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na
} }
else if (abs_mode == 0 && wdir_len >= 2 && wdir_pos[0] == L'~') { else if (abs_mode == 0 && wdir_len >= 2 && wdir_pos[0] == L'~') {
result = rb_str_new_cstr("can't find user "); result = rb_str_new_cstr("can't find user ");
result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1), result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1, wdir_len - 1),
cp, path_cp, path_encoding); cp, path_cp, path_encoding);
if (wpath) if (wpath)
free(wpath); free(wpath);