[gentoo-commits] gentoo-x86 commit in dev-lang/ruby/files: ruby-1.8.6_p287-entity_expansion_limit.diff - gentoo-commits

From:	"Hans de Graaff (graaff)" <graaff@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in dev-lang/ruby/files: ruby-1.8.6_p287-entity_expansion_limit.diff
Date:	Fri, 29 Aug 2008 06:25:38
Message-Id:	`E1KYxQN-0000xz-Ip@stork.gentoo.org`

1

graaff      08/08/29 06:25:35

2

3

  Added:                ruby-1.8.6_p287-entity_expansion_limit.diff

4

  Log:

5

  Version bump for security issue #236060

6

  (Portage version: 2.1.4.4)

7

8

Revision  Changes    Path

9

1.1                  dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff

10

11

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff?rev=1.1&view=markup

12

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff?rev=1.1&content-type=text/plain

13

14

Index: ruby-1.8.6_p287-entity_expansion_limit.diff

15

===================================================================

16

Fix for a security issue in the REXML library from the ruby-core list:

17

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/18414

18

https://bugs.gentoo.org/show_bug.cgi?id=236060

19

20

Index: lib/rexml/document.rb

21

===================================================================

22

--- lib/rexml/document.rb	(revision 18834)

23

+++ lib/rexml/document.rb	(working copy)

24

@@ -32,6 +32,7 @@

25

 	  # @param context if supplied, contains the context of the document;

26

 	  # this should be a Hash.

27

 		def initialize( source = nil, context = {} )

28

+      @entity_expansion_count = 0

29

 			super()

30

 			@context = context

31

 			return if source.nil?

32

@@ -200,6 +201,27 @@

33

 			Parsers::StreamParser.new( source, listener ).parse

34

end

35

36

+    @@entity_expansion_limit = 10_000

37

+

38

+    # Set the entity expansion limit. By defualt the limit is set to 10000.

39

+    def Document::entity_expansion_limit=( val )

40

+      @@entity_expansion_limit = val

41

+    end

42

+

43

+    # Get the entity expansion limit. By defualt the limit is set to 10000.

44

+    def Document::entity_expansion_limit

45

+      return @@entity_expansion_limit

46

+    end

47

+

48

+    attr_reader :entity_expansion_count

49

+

50

+    def record_entity_expansion

51

+      @entity_expansion_count += 1

52

+      if @entity_expansion_count > @@entity_expansion_limit

53

+        raise "number of entity expansions exceeded, processing aborted."

54

+      end

55

+    end

56

+

57

 		private

58

 		def build( source )

59

       Parsers::TreeParser.new( source, self ).parse

60

Index: lib/rexml/entity.rb

61

===================================================================

62

--- lib/rexml/entity.rb	(revision 18834)

63

+++ lib/rexml/entity.rb	(working copy)

64

@@ -73,6 +73,7 @@

65

 		# all entities -- both %ent; and &ent; entities.  This differs from

66

 		# +value()+ in that +value+ only replaces %ent; entities.

67

 		def unnormalized

68

+      document.record_entity_expansion

69

 			v = value()

70

 			return nil if v.nil?

71

 			@unnormalized = Text::unnormalize(v, parent)

72

Index: test/rexml/test_document.rb

73

===================================================================

74

--- test/rexml/test_document.rb	(revision 0)

75

+++ test/rexml/test_document.rb	(revision 0)

76

@@ -0,0 +1,42 @@

77

+require "rexml/document"

78

+require "test/unit"

79

+

80

+class REXML::TestDocument < Test::Unit::TestCase

81

+  def test_new

82

+    doc = REXML::Document.new(<<EOF)

83

+<?xml version="1.0" encoding="UTF-8"?>

84

+<message>Hello world!</message>

85

+EOF

86

+    assert_equal("Hello world!", doc.root.children.first.value)

87

+  end

88

+

89

+  XML_WITH_NESTED_ENTITY = <<EOF

90

+<?xml version="1.0" encoding="UTF-8"?>

91

+<!DOCTYPE member [

92

+  <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">

93

+  <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">

94

+  <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">

95

+  <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">

96

+  <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">

97

+  <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">

98

+  <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">

99

+]>

100

+<member>

101

+&a;

102

+</member>

103

+EOF

104

+

105

+  def test_entity_expansion_limit

106

+    doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)

107

+    assert_raise(RuntimeError) do

108

+      doc.root.children.first.value

109

+    end

110

+    REXML::Document.entity_expansion_limit = 100

111

+    assert_equal(100, REXML::Document.entity_expansion_limit)

112

+    doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)

113

+    assert_raise(RuntimeError) do

114

+      doc.root.children.first.value

115

+    end

116

+    assert_equal(101, doc.entity_expansion_count)

117

+  end

118

+end

1	graaff 08/08/29 06:25:35
2
3	Added: ruby-1.8.6_p287-entity_expansion_limit.diff
4	Log:
5	Version bump for security issue #236060
6	(Portage version: 2.1.4.4)
7
8	Revision Changes Path
9	1.1 dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff
10
11	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff?rev=1.1&view=markup
12	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff?rev=1.1&content-type=text/plain
13
14	Index: ruby-1.8.6_p287-entity_expansion_limit.diff
15	===================================================================
16	Fix for a security issue in the REXML library from the ruby-core list:
17	http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/18414
18	https://bugs.gentoo.org/show_bug.cgi?id=236060
19
20	Index: lib/rexml/document.rb
21	===================================================================
22	--- lib/rexml/document.rb (revision 18834)
23	+++ lib/rexml/document.rb (working copy)
24	@@ -32,6 +32,7 @@
25	# @param context if supplied, contains the context of the document;
26	# this should be a Hash.
27	def initialize( source = nil, context = {} )
28	+ @entity_expansion_count = 0
29	super()
30	@context = context
31	return if source.nil?
32	@@ -200,6 +201,27 @@
33	Parsers::StreamParser.new( source, listener ).parse
34	end
35
36	+ @@entity_expansion_limit = 10_000
37	+
38	+ # Set the entity expansion limit. By defualt the limit is set to 10000.
39	+ def Document::entity_expansion_limit=( val )
40	+ @@entity_expansion_limit = val
41	+ end
42	+
43	+ # Get the entity expansion limit. By defualt the limit is set to 10000.
44	+ def Document::entity_expansion_limit
45	+ return @@entity_expansion_limit
46	+ end
47	+
48	+ attr_reader :entity_expansion_count
49	+
50	+ def record_entity_expansion
51	+ @entity_expansion_count += 1
52	+ if @entity_expansion_count > @@entity_expansion_limit
53	+ raise "number of entity expansions exceeded, processing aborted."
54	+ end
55	+ end
56	+
57	private
58	def build( source )
59	Parsers::TreeParser.new( source, self ).parse
60	Index: lib/rexml/entity.rb
61	===================================================================
62	--- lib/rexml/entity.rb (revision 18834)
63	+++ lib/rexml/entity.rb (working copy)
64	@@ -73,6 +73,7 @@
65	# all entities -- both %ent; and &ent; entities. This differs from
66	# +value()+ in that +value+ only replaces %ent; entities.
67	def unnormalized
68	+ document.record_entity_expansion
69	v = value()
70	return nil if v.nil?
71	@unnormalized = Text::unnormalize(v, parent)
72	Index: test/rexml/test_document.rb
73	===================================================================
74	--- test/rexml/test_document.rb (revision 0)
75	+++ test/rexml/test_document.rb (revision 0)
76	@@ -0,0 +1,42 @@
77	+require "rexml/document"
78	+require "test/unit"
79	+
80	+class REXML::TestDocument < Test::Unit::TestCase
81	+ def test_new
82	+ doc = REXML::Document.new(<<EOF)
83	+<?xml version="1.0" encoding="UTF-8"?>
84	+<message>Hello world!</message>
85	+EOF
86	+ assert_equal("Hello world!", doc.root.children.first.value)
87	+ end
88	+
89	+ XML_WITH_NESTED_ENTITY = <<EOF
90	+<?xml version="1.0" encoding="UTF-8"?>
91	+<!DOCTYPE member [
92	+ <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
93	+ <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
94	+ <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
95	+ <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
96	+ <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
97	+ <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
98	+ <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
99	+]>
100	+<member>
101	+&a;
102	+</member>
103	+EOF
104	+
105	+ def test_entity_expansion_limit
106	+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)
107	+ assert_raise(RuntimeError) do
108	+ doc.root.children.first.value
109	+ end
110	+ REXML::Document.entity_expansion_limit = 100
111	+ assert_equal(100, REXML::Document.entity_expansion_limit)
112	+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)
113	+ assert_raise(RuntimeError) do
114	+ doc.root.children.first.value
115	+ end
116	+ assert_equal(101, doc.entity_expansion_count)
117	+ end
118	+end

Gentoo Archives: gentoo-commits