graaff 08/08/29 06:25:35 |
|
Added: ruby-1.8.6_p287-entity_expansion_limit.diff |
Log: |
Version bump for security issue #236060 |
(Portage version: 2.1.4.4) |
|
Revision Changes Path |
1.1 dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/ruby/files/ruby-1.8.6_p287-entity_expansion_limit.diff?rev=1.1&content-type=text/plain |
|
Index: ruby-1.8.6_p287-entity_expansion_limit.diff |
15 |
=================================================================== |
16 |
Fix for a security issue in the REXML library from the ruby-core list: |
17 |
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/18414 |
18 |
https://bugs.gentoo.org/show_bug.cgi?id=236060 |
19 |
|
20 |
Index: lib/rexml/document.rb |
21 |
=================================================================== |
22 |
--- lib/rexml/document.rb (revision 18834) |
23 |
+++ lib/rexml/document.rb (working copy) |
24 |
@@ -32,6 +32,7 @@ |
25 |
# @param context if supplied, contains the context of the document; |
26 |
# this should be a Hash. |
27 |
def initialize( source = nil, context = {} ) |
28 |
+ @entity_expansion_count = 0 |
29 |
super() |
30 |
@context = context |
31 |
return if source.nil? |
32 |
@@ -200,6 +201,27 @@ |
33 |
Parsers::StreamParser.new( source, listener ).parse |
34 |
end |
35 |
|
36 |
+ @@entity_expansion_limit = 10_000 |
37 |
+ |
38 |
+ # Set the entity expansion limit. By defualt the limit is set to 10000. |
39 |
+ def Document::entity_expansion_limit=( val ) |
40 |
+ @@entity_expansion_limit = val |
41 |
+ end |
42 |
+ |
43 |
+ # Get the entity expansion limit. By defualt the limit is set to 10000. |
44 |
+ def Document::entity_expansion_limit |
45 |
+ return @@entity_expansion_limit |
46 |
+ end |
47 |
+ |
48 |
+ attr_reader :entity_expansion_count |
49 |
+ |
50 |
+ def record_entity_expansion |
51 |
+ @entity_expansion_count += 1 |
52 |
+ if @entity_expansion_count > @@entity_expansion_limit |
53 |
+ raise "number of entity expansions exceeded, processing aborted." |
54 |
+ end |
55 |
+ end |
56 |
+ |
57 |
private |
58 |
def build( source ) |
59 |
Parsers::TreeParser.new( source, self ).parse |
60 |
Index: lib/rexml/entity.rb |
61 |
=================================================================== |
62 |
--- lib/rexml/entity.rb (revision 18834) |
63 |
+++ lib/rexml/entity.rb (working copy) |
64 |
@@ -73,6 +73,7 @@ |
65 |
# all entities -- both %ent; and &ent; entities. This differs from |
66 |
# +value()+ in that +value+ only replaces %ent; entities. |
67 |
def unnormalized |
68 |
+ document.record_entity_expansion |
69 |
v = value() |
70 |
return nil if v.nil? |
71 |
@unnormalized = Text::unnormalize(v, parent) |
72 |
Index: test/rexml/test_document.rb |
73 |
=================================================================== |
74 |
--- test/rexml/test_document.rb (revision 0) |
75 |
+++ test/rexml/test_document.rb (revision 0) |
76 |
@@ -0,0 +1,42 @@ |
77 |
+require "rexml/document" |
78 |
+require "test/unit" |
79 |
+ |
80 |
+class REXML::TestDocument < Test::Unit::TestCase |
81 |
+ def test_new |
82 |
+ doc = REXML::Document.new(<<EOF) |
83 |
+<?xml version="1.0" encoding="UTF-8"?> |
84 |
+<message>Hello world!</message> |
85 |
+EOF |
86 |
+ assert_equal("Hello world!", doc.root.children.first.value) |
87 |
+ end |
88 |
+ |
89 |
+ XML_WITH_NESTED_ENTITY = <<EOF |
90 |
+<?xml version="1.0" encoding="UTF-8"?> |
91 |
+<!DOCTYPE member [ |
92 |
+ <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> |
93 |
+ <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> |
94 |
+ <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> |
95 |
+ <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> |
96 |
+ <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> |
97 |
+ <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> |
98 |
+ <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> |
99 |
+]> |
100 |
+<member> |
101 |
+&a; |
102 |
+</member> |
103 |
+EOF |
104 |
+ |
105 |
+ def test_entity_expansion_limit |
106 |
+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) |
107 |
+ assert_raise(RuntimeError) do |
108 |
+ doc.root.children.first.value |
109 |
+ end |
110 |
+ REXML::Document.entity_expansion_limit = 100 |
111 |
+ assert_equal(100, REXML::Document.entity_expansion_limit) |
112 |
+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) |
113 |
+ assert_raise(RuntimeError) do |
114 |
+ doc.root.children.first.value |
115 |
+ end |
116 |
+ assert_equal(101, doc.entity_expansion_count) |
117 |
+ end |
118 |
+end |
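Review bot: The new `document.record_entity_expansion` line in the entity.rb hunk is called unconditionally, and `document` appears to be nil for an Entity whose DocType is not attached to a REXML::Document, so the first `unnormalized` call on such an entity would fail with NoMethodError rather than expand; guard it with `document.record_entity_expansion unless document.nil?`. The body of `unnormalized` continues outside the hunk. In the document.rb hunk the limit is a class variable shared by every Document in the process and the setter accepts any value, so setting it to nil makes the comparison in `record_entity_expansion` raise ArgumentError and a negative value rejects the very first expansion; the setter's comment should state that the value must be a positive Integer, and that the limit bounds how many entity references are resolved per document, not how large the expanded text grows. The failure is raised as a bare RuntimeError with no dedicated class, which makes it hard for callers to rescue only this condition, and both new doc comments spell `defualt`.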