Actions
Bug #13995
closed
Process.initgroups がNUL終端文字列を期待している
Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.5.0dev (2017-10-10 trunk 60154) [x86_64-linux]
Backport:
Description
Process.initgroups がNUL終端文字列を期待していて、SHARABLE_MIDDLE_SUBSTRING=1 時におかしくなります。
こんなに長いユーザー名は実際には使われないと思うので実害はないかもしれません。
# grep abcdefg /etc/group
test:x:999:abcdefghijklmnopqrstuvwxyz
# ruby -e 'p Process.initgroups("abcdefghijklmnopqrstuvwxyz!".chop, 123)'
[123]
パッチ適用後は正しく動きます。
# ruby -e 'p Process.initgroups("abcdefghijklmnopqrstuvwxyz!".chop, 123)'
[123, 999]
パッチ:
diff --git a/process.c b/process.c
index 2d842176bd..97ba885fca 100644
--- a/process.c
+++ b/process.c
@@ -5948,7 +5948,7 @@ proc_setgroups(VALUE obj, VALUE ary)
static VALUE
proc_initgroups(VALUE obj, VALUE uname, VALUE base_grp)
{
- if (initgroups(StringValuePtr(uname), OBJ2GID(base_grp)) != 0) {
+ if (initgroups(StringValueCStr(uname), OBJ2GID(base_grp)) != 0) {
rb_sys_fail(0);
}
return proc_getgroups(obj);
Updated by nobu (Nobuyoshi Nakada) over 6 years ago
- Status changed from Open to Closed
Applied in changeset trunk|r60161.
process.c: null byte at initgroups
- process.c (proc_initgroups): check null byte. patched by
tommy (Masahiro Tomita) in [ruby-dev:50287]. [Bug #13995]
Actions
Like0
Like0