* include/ruby/encoding.h (ECONV_INVALID_IGNORE): removed because

it tend to cause security problem.  If the behaviour is really
  required, ECONV_INVALID_REPLACE with empty string can be used.
  For example, CVE-2006-2313, CVE-2008-1036, [ruby-core:15645]
  (ECONV_UNDEF_IGNORE): ditto.

* transcode.c (rb_econv_convert): follow the above change.
  (econv_opts): ditto.
  (Init_transcode): ditto.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
akr 2008-09-04 10:15:34 +00:00
Родитель 1633eb7238
Коммит 45c3707303
6 изменённых файлов: 34 добавлений и 38 удалений

Просмотреть файл

@ -1,3 +1,15 @@
Thu Sep 4 19:10:27 2008 Tanaka Akira <akr@fsij.org>
* include/ruby/encoding.h (ECONV_INVALID_IGNORE): removed because
it tend to cause security problem. If the behaviour is really
required, ECONV_INVALID_REPLACE with empty string can be used.
For example, CVE-2006-2313, CVE-2008-1036, [ruby-core:15645]
(ECONV_UNDEF_IGNORE): ditto.
* transcode.c (rb_econv_convert): follow the above change.
(econv_opts): ditto.
(Init_transcode): ditto.
Thu Sep 4 13:22:02 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* vm_core.h (struct rb_vm_struct): replaced signal staff with trap

Просмотреть файл

@ -251,11 +251,9 @@ void rb_econv_binmode(rb_econv_t *ec);
/* flags for rb_econv_open */
#define ECONV_INVALID_MASK 0x000f
#define ECONV_INVALID_IGNORE 0x0001
#define ECONV_INVALID_REPLACE 0x0002
#define ECONV_UNDEF_MASK 0x00f0
#define ECONV_UNDEF_IGNORE 0x0010
#define ECONV_UNDEF_REPLACE 0x0020
/* effective only if output is ascii compatible */

Просмотреть файл

@ -524,7 +524,7 @@ class TestEncodingConverter < Test::Unit::TestCase
end
def test_invalid_ignore
ec = Encoding::Converter.new("UTF-8", "EUC-JP", Encoding::Converter::INVALID_IGNORE)
ec = Encoding::Converter.new("UTF-8", "EUC-JP", :invalid => :replace, :replace => "")
ret = ec.primitive_convert(src="abc\x80def", dst="", nil, 100)
assert_equal(:finished, ret)
assert_equal("", src)
@ -540,7 +540,7 @@ class TestEncodingConverter < Test::Unit::TestCase
end
def test_undef_ignore
ec = Encoding::Converter.new("UTF-8", "EUC-JP", Encoding::Converter::UNDEF_IGNORE)
ec = Encoding::Converter.new("UTF-8", "EUC-JP", :undef => :replace, :replace => "")
ret = ec.primitive_convert(src="abc\u{fffd}def", dst="", nil, 100)
assert_equal(:finished, ret)
assert_equal("", src)

Просмотреть файл

@ -1312,14 +1312,14 @@ EOT
open("t.txt", "r:utf-8:euc-jp", :invalid => :replace) {|f|
assert_equal("a?b", f.read)
}
open("t.txt", "r:utf-8:euc-jp", :invalid => :ignore) {|f|
open("t.txt", "r:utf-8:euc-jp", :invalid => :replace, :replace => "") {|f|
assert_equal("ab", f.read)
}
open("t.txt", "r:utf-8:euc-jp", :undef => :replace) {|f|
assert_raise(Encoding::InvalidByteSequence) { f.read }
assert_equal("b", f.read)
}
open("t.txt", "r:utf-8:euc-jp", :undef => :ignore) {|f|
open("t.txt", "r:utf-8:euc-jp", :undef => :replace, :replace => "") {|f|
assert_raise(Encoding::InvalidByteSequence) { f.read }
assert_equal("b", f.read)
}
@ -1332,14 +1332,14 @@ EOT
open("t.txt", "r:utf-8:euc-jp", :undef => :replace) {|f|
assert_equal("a?b", f.read)
}
open("t.txt", "r:utf-8:euc-jp", :undef => :ignore) {|f|
open("t.txt", "r:utf-8:euc-jp", :undef => :replace, :replace => "") {|f|
assert_equal("ab", f.read)
}
open("t.txt", "r:utf-8:euc-jp", :invalid => :replace) {|f|
assert_raise(Encoding::ConversionUndefined) { f.read }
assert_equal("b", f.read)
}
open("t.txt", "r:utf-8:euc-jp", :invalid => :ignore) {|f|
open("t.txt", "r:utf-8:euc-jp", :invalid => :replace, :replace => "") {|f|
assert_raise(Encoding::ConversionUndefined) { f.read }
assert_equal("b", f.read)
}
@ -1354,7 +1354,7 @@ EOT
}
assert_equal("a?b", File.read("t.txt"))
open("t.txt", "w:euc-jp", :invalid => :ignore) {|f|
open("t.txt", "w:euc-jp", :invalid => :replace, :replace => "") {|f|
assert_nothing_raised { f.write invalid_utf8 }
}
assert_equal("ab", File.read("t.txt"))
@ -1362,7 +1362,7 @@ EOT
open("t.txt", "w:euc-jp", :undef => :replace) {|f|
assert_raise(Encoding::InvalidByteSequence) { f.write invalid_utf8 }
}
open("t.txt", "w:euc-jp", :undef => :ignore) {|f|
open("t.txt", "w:euc-jp", :undef => :replace, :replace => "") {|f|
assert_raise(Encoding::InvalidByteSequence) { f.write invalid_utf8 }
}
}
@ -1375,14 +1375,14 @@ EOT
assert_nothing_raised { f.write "a\uFFFDb" }
}
assert_equal("a?b", File.read("t.txt"))
open("t.txt", "w:euc-jp:utf-8", :undef => :ignore) {|f|
open("t.txt", "w:euc-jp:utf-8", :undef => :replace, :replace => "") {|f|
assert_nothing_raised { f.write "a\uFFFDb" }
}
assert_equal("ab", File.read("t.txt"))
open("t.txt", "w:euc-jp:utf-8", :invalid => :replace) {|f|
assert_raise(Encoding::ConversionUndefined) { f.write "a\uFFFDb" }
}
open("t.txt", "w:euc-jp:utf-8", :invalid => :ignore) {|f|
open("t.txt", "w:euc-jp:utf-8", :invalid => :replace, :replace => "") {|f|
assert_raise(Encoding::ConversionUndefined) { f.write "a\uFFFDb" }
}
}
@ -1395,14 +1395,14 @@ EOT
assert_nothing_raised { f.write "a\uFFFDb" }
}
assert_equal("a?b", File.read("t.txt"))
open("t.txt", "w:iso-2022-jp:utf-8", :undef => :ignore) {|f|
open("t.txt", "w:iso-2022-jp:utf-8", :undef => :replace, :replace => "") {|f|
assert_nothing_raised { f.write "a\uFFFDb" }
}
assert_equal("ab", File.read("t.txt"))
open("t.txt", "w:iso-2022-jp:utf-8", :invalid => :replace) {|f|
assert_raise(Encoding::ConversionUndefined) { f.write "a\uFFFDb" }
}
open("t.txt", "w:iso-2022-jp:utf-8", :invalid => :ignore) {|f|
open("t.txt", "w:iso-2022-jp:utf-8", :invalid => :replace, :replace => "") {|f|
assert_raise(Encoding::ConversionUndefined) { f.write "a\uFFFDb" }
}
}

Просмотреть файл

@ -247,23 +247,23 @@ class TestTranscode < Test::Unit::TestCase
def test_invalid_ignore
# arguments only
assert_nothing_raised { 'abc'.encode('utf-8', invalid: :ignore) }
assert_nothing_raised { 'abc'.encode('utf-8', invalid: :replace, replace: "") }
# check handling of UTF-8 ill-formed subsequences
assert_equal("\x00\x41\x00\x3E\x00\x42".force_encoding('UTF-16BE'),
"\x41\xC2\x3E\x42".encode('UTF-16BE', 'UTF-8', invalid: :ignore))
"\x41\xC2\x3E\x42".encode('UTF-16BE', 'UTF-8', invalid: :replace, replace: ""))
assert_equal("\x00\x41\x00\xF1\x00\x42".force_encoding('UTF-16BE'),
"\x41\xC2\xC3\xB1\x42".encode('UTF-16BE', 'UTF-8', invalid: :ignore))
"\x41\xC2\xC3\xB1\x42".encode('UTF-16BE', 'UTF-8', invalid: :replace, replace: ""))
assert_equal("\x00\x42".force_encoding('UTF-16BE'),
"\xF0\x80\x80\x42".encode('UTF-16BE', 'UTF-8', invalid: :ignore))
"\xF0\x80\x80\x42".encode('UTF-16BE', 'UTF-8', invalid: :replace, replace: ""))
assert_equal(''.force_encoding('UTF-16BE'),
"\x82\xAB".encode('UTF-16BE', 'UTF-8', invalid: :ignore))
"\x82\xAB".encode('UTF-16BE', 'UTF-8', invalid: :replace, replace: ""))
assert_equal("\e$B!!\e(B".force_encoding("ISO-2022-JP"),
"\xA1\xA1\xFF".encode("ISO-2022-JP", "EUC-JP", invalid: :ignore))
"\xA1\xA1\xFF".encode("ISO-2022-JP", "EUC-JP", invalid: :replace, replace: ""))
assert_equal("\e$B\x24\x22\x24\x24\e(B".force_encoding("ISO-2022-JP"),
"\xA4\xA2\xFF\xA4\xA4".encode("ISO-2022-JP", "EUC-JP", invalid: :ignore))
"\xA4\xA2\xFF\xA4\xA4".encode("ISO-2022-JP", "EUC-JP", invalid: :replace, replace: ""))
assert_equal("\e$B\x24\x22\x24\x24\e(B".force_encoding("ISO-2022-JP"),
"\xA4\xA2\xFF\xFF\xA4\xA4".encode("ISO-2022-JP", "EUC-JP", invalid: :ignore))
"\xA4\xA2\xFF\xFF\xA4\xA4".encode("ISO-2022-JP", "EUC-JP", invalid: :replace, replace: ""))
end
def test_invalid_replace

Просмотреть файл

@ -1286,10 +1286,7 @@ rb_econv_convert(rb_econv_t *ec,
ret == econv_incomplete_input) {
/* deal with invalid byte sequence */
/* todo: add more alternative behaviors */
if (ec->flags&ECONV_INVALID_IGNORE) {
goto resume;
}
else if (ec->flags&ECONV_INVALID_REPLACE) {
if (ec->flags&ECONV_INVALID_REPLACE) {
if (output_replacement_character(ec) == 0)
goto resume;
}
@ -1299,10 +1296,7 @@ rb_econv_convert(rb_econv_t *ec,
/* valid character in source encoding
* but no related character(s) in destination encoding */
/* todo: add more alternative behaviors */
if (ec->flags&ECONV_UNDEF_IGNORE) {
goto resume;
}
else if (ec->flags&ECONV_UNDEF_REPLACE) {
if (ec->flags&ECONV_UNDEF_REPLACE) {
if (output_replacement_character(ec) == 0)
goto resume;
}
@ -2009,9 +2003,6 @@ econv_opts(VALUE opt)
v = rb_hash_aref(opt, sym_invalid);
if (NIL_P(v)) {
}
else if (v==sym_ignore) {
options |= ECONV_INVALID_IGNORE;
}
else if (v==sym_replace) {
options |= ECONV_INVALID_REPLACE;
v = rb_hash_aref(opt, sym_replace);
@ -2022,9 +2013,6 @@ econv_opts(VALUE opt)
v = rb_hash_aref(opt, sym_undef);
if (NIL_P(v)) {
}
else if (v==sym_ignore) {
options |= ECONV_UNDEF_IGNORE;
}
else if (v==sym_replace) {
options |= ECONV_UNDEF_REPLACE;
}
@ -3314,10 +3302,8 @@ Init_transcode(void)
rb_define_method(rb_cEncodingConverter, "replacement", econv_get_replacement, 0);
rb_define_method(rb_cEncodingConverter, "replacement=", econv_set_replacement, 1);
rb_define_const(rb_cEncodingConverter, "INVALID_MASK", INT2FIX(ECONV_INVALID_MASK));
rb_define_const(rb_cEncodingConverter, "INVALID_IGNORE", INT2FIX(ECONV_INVALID_IGNORE));
rb_define_const(rb_cEncodingConverter, "INVALID_REPLACE", INT2FIX(ECONV_INVALID_REPLACE));
rb_define_const(rb_cEncodingConverter, "UNDEF_MASK", INT2FIX(ECONV_UNDEF_MASK));
rb_define_const(rb_cEncodingConverter, "UNDEF_IGNORE", INT2FIX(ECONV_UNDEF_IGNORE));
rb_define_const(rb_cEncodingConverter, "UNDEF_REPLACE", INT2FIX(ECONV_UNDEF_REPLACE));
rb_define_const(rb_cEncodingConverter, "PARTIAL_INPUT", INT2FIX(ECONV_PARTIAL_INPUT));
rb_define_const(rb_cEncodingConverter, "OUTPUT_FOLLOWED_BY_INPUT", INT2FIX(ECONV_OUTPUT_FOLLOWED_BY_INPUT));