ruby-dev

[#47786] [ruby-trunk - Bug #9069][Open] test_weakref.rb with GC.stress causes [BUG] rb_gc_mark(): 0x8024ee94 is T_ZOMBIE — "akr (Akira Tanaka)" <akr@...>

2 messages 2013/11/01

[#47787] [ruby-trunk - Bug #9069][Open] test_weakref.rb with GC.stress causes [BUG] rb_gc_mark(): 0x8024ee94 is T_ZOMBIE — "akr (Akira Tanaka)" <akr@...> 2013/11/01

[#47788] [ruby-trunk - Bug #9072][Open] test_weakref.rb failure — "akr (Akira Tanaka)" <akr@...>

4 messages 2013/11/02

[#47789] Re: [ruby-trunk - Bug #9072][Open] test_weakref.rb failure — Tanaka Akira <akr@...> 2013/11/02

2013/11/2 akr (Akira Tanaka) <akr@fsij.org>:

[#47791] [ruby-trunk - Bug #9072] test_weakref.rb failure — "akr (Akira Tanaka)" <akr@...> 2013/11/04

[#47792] [ruby-trunk - Bug #9072] test_weakref.rb failure — "akr (Akira Tanaka)" <akr@...> 2013/11/05

[#47793] [ruby-trunk - Bug #9088][Open] SEGV with set_trace_func and break — "akr (Akira Tanaka)" <akr@...>

1 message 2013/11/06

[#47794] [ruby-trunk - Bug #9090][Open] [BUG] object allocation during garbage collection phase — "akr (Akira Tanaka)" <akr@...>

7 messages 2013/11/07

[#47799] [ruby-trunk - Bug #9090] [BUG] object allocation during garbage collection phase — "tarui (Masaya Tarui)" <tarui@...> 2013/11/07

[#47800] [ruby-trunk - Bug #9090] [BUG] object allocation during garbage collection phase — "akr (Akira Tanaka)" <akr@...> 2013/11/08

[#47795] [ruby-trunk - Bug #9090] [BUG] object allocation during garbage collection phase — "tarui (Masaya Tarui)" <tarui@...> 2013/11/07

[#47796] [ruby-trunk - Bug #9090] [BUG] object allocation during garbage collection phase — "akr (Akira Tanaka)" <akr@...> 2013/11/07

[#47797] [ruby-trunk - Bug #9090] [BUG] object allocation during garbage collection phase — "tarui (Masaya Tarui)" <tarui@...> 2013/11/07

[#47798] [ruby-trunk - Bug #9090] [BUG] object allocation during garbage collection phase — "akr (Akira Tanaka)" <akr@...> 2013/11/07

[#47803] [ruby-trunk - Bug #9105][Open] callcc による不整合(例:Hash) — "tarui (Masaya Tarui)" <tarui@...>

2 messages 2013/11/13

[#47807] [ruby-trunk - Bug #9105][Open] callcc による不整合(例:Hash) — "nagachika (Tomoyuki Chikanaga)" <nagachika00@...> 2013/11/14

[#47804] [ruby-trunk - Bug #9109][Open] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — "sunaot (sunao tanabe)" <sunao.tanabe@...>

8 messages 2013/11/14

[#47805] [ruby-trunk - Bug #9109] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — "sorah (Shota Fukumori)" <her@...> 2013/11/14

[#47806] [ruby-trunk - Bug #9109] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — "nobu (Nobuyoshi Nakada)" <nobu@...> 2013/11/14

[#47809] [ruby-trunk - Bug #9109] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — "nobu (Nobuyoshi Nakada)" <nobu@...> 2013/11/18

[#47845] [ruby-trunk - Bug #9109] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — "nagachika (Tomoyuki Chikanaga)" <nagachika00@...> 2013/12/10

[#47871] [ruby-trunk - Bug #9109][Assigned] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — "h.shirosaki (Hiroshi Shirosaki)" <h.shirosaki@...> 2014/01/08

[#47923] [ruby-trunk - Bug #9109] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — usa@... 2014/01/29

SXNzdWUgIzkxMDkgaGFzIGJlZW4gdXBkYXRlZCBieSBVc2FrdSBOQUtBTVVS

[#48274] [ruby-trunk - Bug #9109] extend したモジュールメソッドと RSpec の let で 2 つ同名を使ったときに segmentation fault になる — nobu@... 2014/06/04

SXNzdWUgIzkxMDkgaGFzIGJlZW4gdXBkYXRlZCBieSBOb2J1eW9zaGkgTmFr

[#47811] [Ruby 1.8 - Feature #4207][Closed] これから「1.8.8」の話をしよう -- 1.8がこの先生きのこるには — "shyouhei (Shyouhei Urabe)" <shyouhei@...>

1 message 2013/11/19

[#47812] [Ruby 1.8 - Feature #1866][Closed] redefinable not (!) operators for 1.8 — "shyouhei (Shyouhei Urabe)" <shyouhei@...>

1 message 2013/11/19

[#47813] [Ruby 1.8 - Bug #2487][Closed] Re: set_trace_func中の例外について — "shyouhei (Shyouhei Urabe)" <shyouhei@...>

1 message 2013/11/19

[#47814] [Ruby 1.8 - Backport #3280][Closed] BigMath::log is very slow — "shyouhei (Shyouhei Urabe)" <shyouhei@...>

1 message 2013/11/19

[#47816] [ANN] Ruby 2.1.0-preview2 is released (includes a security fix!) — "NARUSE, Yui" <naruse@...>

We are pleased to announce the release of Ruby 2.1.0-preview2.

1 message 2013/11/22

[#47819] [ruby-trunk - Bug #9160][Open] configureに--with-rubylibprefixを指定するとrbconfigのprefixが空文字になる — "kimuraw (Wataru Kimura)" <kimuraw@...>

3 messages 2013/11/26

[#47852] [ruby-trunk - Bug #9160] configureに--with-rubylibprefixを指定するとrbconfigのprefixが空文字になる — "kimuraw (Wataru Kimura)" <kimuraw@...> 2013/12/14

[#47853] [ruby-trunk - Bug #9160] configureに--with-rubylibprefixを指定するとrbconfigのprefixが空文字になる — "nagachika (Tomoyuki Chikanaga)" <nagachika00@...> 2013/12/14

[#47820] [ruby-trunk - Bug #9165][Open] IRBのコード中にtypo — "matsuda (Akira Matsuda)" <ronnie@...>

3 messages 2013/11/27

[#47821] Re: [ruby-trunk - Bug #9165][Open] IRBのコード中にtypo — keiju@... (keiju ISHITSUKA) 2013/11/27

けいじゅ＠いしつかです.

[#47822] [ruby-trunk - Bug #9165][Closed] IRBのコード中にtypo — "matsuda (Akira Matsuda)" <ronnie@...> 2013/11/27

[#47823] [ruby-trunk - Bug #9169][Open] `require': cannot load such file -- date_core (LoadError) (ruby-2.0.0-p353) — "774 (Yasuhiro Nakayama)" <774@...774.net>

3 messages 2013/11/28

[#47824] [ruby-trunk - Bug #9169] `require': cannot load such file -- date_core (LoadError) (ruby-2.0.0-p353) — "774 (Yasuhiro Nakayama)" <774@...774.net> 2013/11/28

[#47825] [ruby-trunk - Bug #9169][Assigned] `require': cannot load such file -- date_core (LoadError) (ruby-2.0.0-p353) — "nobu (Nobuyoshi Nakada)" <nobu@...> 2013/11/28

[#47831] [ruby-trunk - Bug #9180][Open] Typo in FileUtils' method name — "matsuda (Akira Matsuda)" <ronnie@...>

2 messages 2013/11/29

[#48468] [ruby-trunk - Bug #9180] [Closed] Typo in FileUtils' method name — shibata.hiroshi@... 2014/08/12

Issue #9180 has been updated by Hiroshi SHIBATA.

[#47832] [Backport 200 - Backport #9181][Open] Please backport r43923 — "nagai (Hidetoshi Nagai)" <nagai@...>

3 messages 2013/11/29

[#47835] [Backport 200 - Backport #9181] Please backport r43923 — "nagai (Hidetoshi Nagai)" <nagai@...> 2013/11/30

[#47944] [Backport200 - Backport #9181] [Closed] Please backport r43923 — nagachika00@... 2014/02/02

Issue #9181 has been updated by Tomoyuki Chikanaga.

[#47833] [Backport93 - Backport #9182][Open] Please backport r43923 — "nagai (Hidetoshi Nagai)" <nagai@...>

2 messages 2013/11/29

[#47836] [Backport93 - Backport #9182] Please backport r43923 — "nagai (Hidetoshi Nagai)" <nagai@...> 2013/11/30

[#47834] [ruby-trunk - Bug #9183][Open] IRB::Localeの属性名にtypo — "matsuda (Akira Matsuda)" <ronnie@...>

2 messages 2013/11/29

[#48369] [ruby-trunk - Bug #9183] [Closed] IRB::Localeの属性名にtypo — shibata.hiroshi@... 2014/07/05

SXNzdWUgIzkxODMgaGFzIGJlZW4gdXBkYXRlZCBieSBIaXJvc2hpIFNISUJB

[ruby-dev:47817] [ruby-trunk - Bug #8995] バイナリデータを文字列として encode! すると readbyte の結果が変化する

From: "nobu (Nobuyoshi Nakada)" <nobu@...>

Date: 2013-11-23 02:34:57 UTC

List: ruby-dev #47817

Issue #8995 has been updated by nobu (Nobuyoshi Nakada).


workaroundが入ったようですが、元々UTF-8ではないバイナリデータが壊れないということは、裏を返せばmalformed UTF-8の攻撃文字列も破棄されないということです。
つまり、脆弱性はそのまま残っているわけなので、何らかの対策が必要であろうことだけは警告しておきます。
----------------------------------------
Bug #8995: バイナリデータを文字列として encode! すると readbyte の結果が変化する
https://bugs.ruby-lang.org/issues/8995#change-43098

Author: hsbt (Hiroshi SHIBATA)
Status: Third Party's Issue
Priority: Normal
Assignee: 
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-10-07 trunk 43160) [x86_64-darwin12.5.0]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Rails の以下のコードの結果が 2.0 と 2.1 とで異なるようです。

((<encode_params|URL:https://github.com/rails/rails/blob/3-2-stable/actionpack/lib/action_dispatch/http/parameters.rb#L51>))

以下が最小ケースです。

 $ ruby -v
 => ruby 2.1.0dev (2013-10-07 trunk 43160) [x86_64-darwin12.5.0]
 $ ruby -rstringio -e "Encoding.default_internal = Encoding::UTF_8; p StringIO.new(File.read('x.jpg')).readbyte"
 => 255
 $ ruby -rstringio -e "Encoding.default_internal = Encoding::UTF_8; p StringIO.new(File.read('x.jpg').force_encoding('UTF-8').encode\!).readbyte"
 => 239

なお、2.0 ではそれぞれの値が変化しませんでした。

 $ ruby -v
 => ruby 2.0.0p326 (2013-10-05 revision 43144) [x86_64-darwin13.0.0]
 $ ruby -rstringio -e "Encoding.default_internal = Encoding::UTF_8; p StringIO.new(File.read('x.jpg')).readbyte"
 => 255
 $ ruby -rstringio -e "Encoding.default_internal = Encoding::UTF_8; p StringIO.new(File.read('x.jpg').force_encoding('UTF-8').encode\!).readbyte"
 => 255

rails の該当箇所は rails4 でも同じ処理を行っているので、このままだと post で画像などを送るともれなく壊れてしまいます。

rails のコードがよくないのか、File.binread を使って読み込んでないのがおかしいなど教えて頂けると嬉しいです。

=end


-- 
http://bugs.ruby-lang.org/

Thread

Prev Next

In This Thread

Prev Next