Fix DoS in the Ruby CGI module.

Obtained from: ruby CVS Reviewed by: trhodes OK'ed by: maintainer silence With hat: secteam
svn path=/head/; revision=122406
2004-11-25 15:25:33 +00:00 · 2004-11-25 15:25:33 +00:00 · 23003b8825 · 2021-03-31 03:12:20 +00:00
commit 23003b8825
parent 1aff41543a
4 changed files with 59 additions and 1 deletions
--- a/lang/ruby16/Makefile
+++ b/lang/ruby16/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	ruby${RUBY_R}
 PORTVERSION=	${RUBY_PORTVERSION}
+PORTREVISION=	1
 CATEGORIES=	lang ruby ipv6
 MASTER_SITES=		${MASTER_SITE_RUBY}
 MASTER_SITE_SUBDIR=	${MASTER_SITE_SUBDIR_RUBY}
--- a/lang/ruby16/files/patch-cgi.rb
+++ b/lang/ruby16/files/patch-cgi.rb
@ -0,0 +1,30 @@
+--- lib/cgi.rb	2002/08/25 20:15:54	1.23.2.17
+++ lib/cgi.rb	2004/10/24 23:37:19	1.23.2.18
+@@ -182,7 +182,7 @@ class CGI
+   CR  = "\015"
+   LF  = "\012"
+   EOL = CR + LF
+-  REVISION = '$Id: cgi.rb,v 1.23.2.17 2002/08/25 20:15:54 wakou Exp $'
+  REVISION = '$Id: cgi.rb,v 1.23.2.18 2004/10/24 23:37:19 matz Exp $'
+ 
+   NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM)
+   PATH_SEPARATOR = {'UNIX'=>'/', 'WINDOWS'=>'\\', 'MACINTOSH'=>':'}
+@@ -823,13 +823,15 @@     def read_multipart(boundary, content
+           end
+ 
+           c = if bufsize < content_length
+-                stdinput.read(bufsize) or ''
+                stdinput.read(bufsize)
+               else
+-                stdinput.read(content_length) or ''
+                stdinput.read(content_length)
+               end
+          if c.nil?
+            raise EOFError, "bad content body"
+          end
+           buf += c
+           content_length -= c.size
+-
+         end
+ 
+         buf = buf.sub(/\A((?:.|\n)*?)(?:#{EOL})?#{boundary}(#{EOL}|--)/n) do
--- a/lang/ruby18/Makefile
+++ b/lang/ruby18/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	ruby${RUBY_R}
 PORTVERSION=	${RUBY_PORTVERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	lang ruby ipv6
 MASTER_SITES=		${MASTER_SITE_RUBY}
 MASTER_SITE_SUBDIR=	${MASTER_SITE_SUBDIR_RUBY}
--- a/lang/ruby18/files/patch-cgi.rb
+++ b/lang/ruby18/files/patch-cgi.rb
@ -0,0 +1,27 @@
+--- lib/cgi.rb	2004/07/28 13:26:01	1.68.2.6
+++ lib/cgi.rb	2004/10/27 02:46:50	1.68.2.7
+@@ -284,7 +284,7 @@ class CGI
+   # Standard internet newline sequence
+   EOL = CR + LF
+ 
+-  REVISION = '$Id: cgi.rb,v 1.68.2.6 2004/07/28 13:26:01 matz Exp $' #:nodoc:
+  REVISION = '$Id: cgi.rb,v 1.68.2.7 2004/10/27 02:46:50 matz Exp $' #:nodoc:
+ 
+   NEEDS_BINMODE = true if /WIN/ni.match(RUBY_PLATFORM) 
+ 
+@@ -1012,10 +1012,13 @@     def read_multipart(boundary, content
+           end
+ 
+           c = if bufsize < content_length
+-                stdinput.read(bufsize) or ''
+                stdinput.read(bufsize)
+               else
+-                stdinput.read(content_length) or ''
+                stdinput.read(content_length)
+               end
+          if c.nil?
+            raise EOFError, "bad content body"
+          end
+           buf.concat(c)
+           content_length -= c.size
+         end