Skip to content

Commit 086f9aa

Browse files
joshcooperjoshcooper
authored
Merge pull request #907 from imaqsood/PA-6282 
2 parents 23c3704 + 8954d1b commit 086f9aa

File tree

3 files changed

+154
-0
lines changed

3 files changed

+154
-0
lines changed

configs/components/ruby-2.7.8.rb

+3
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,9 @@
4343
pkg.apply_patch "#{base}/uri-redos-cve-2023-36617.patch"
4444
pkg.apply_patch "#{base}/stringio_cve-2024-27280.patch"
4545

46+
pkg.apply_patch "#{base}/0001-Filter-marshaled-objects-ruby30.patch"
47+
pkg.apply_patch "#{base}/0001-Use-safe_load-and-safe_load_file-for-rdoc_options.patch"
48+
4649
if platform.is_cross_compiled?
4750
unless platform.is_macos?
4851
pkg.apply_patch "#{base}/uri_generic_remove_safe_nav_operator_r2.5.patch"

resources/patches/ruby_27/0001-Filter-marshaled-objects-ruby30.patch

+94
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,94 @@
1+
From 6a35becc9ac9f4b27b1d5b5b1fb8cf7aa9b49d5d Mon Sep 17 00:00:00 2001
2+
From: Hiroshi SHIBATA <[email protected]>
3+
Date: Tue, 20 Feb 2024 17:30:25 +0900
4+
Subject: [PATCH] Filter marshaled objects
5+
6+
---
7+
lib/rdoc/store.rb | 45 ++++++++++++++++++++++++++-------------------
8+
1 file changed, 26 insertions(+), 19 deletions(-)
9+
10+
diff --git a/lib/rdoc/store.rb b/lib/rdoc/store.rb
11+
index 5ba671ca1b..5b663d73fb 100644
12+
--- a/lib/rdoc/store.rb
13+
+++ b/lib/rdoc/store.rb
14+
@@ -556,9 +556,7 @@ def load_all
15+
def load_cache
16+
#orig_enc = @encoding
17+
18+
- File.open cache_path, 'rb' do |io|
19+
- @cache = Marshal.load io.read
20+
- end
21+
+ @cache = marshal_load(cache_path)
22+
23+
load_enc = @cache[:encoding]
24+
25+
@@ -615,9 +613,7 @@ def load_class klass_name
26+
def load_class_data klass_name
27+
file = class_file klass_name
28+
29+
- File.open file, 'rb' do |io|
30+
- Marshal.load io.read
31+
- end
32+
+ marshal_load(file)
33+
rescue Errno::ENOENT => e
34+
error = MissingFileError.new(self, file, klass_name)
35+
error.set_backtrace e.backtrace
36+
@@ -630,14 +626,10 @@ def load_class_data klass_name
37+
def load_method klass_name, method_name
38+
file = method_file klass_name, method_name
39+
40+
- File.open file, 'rb' do |io|
41+
- obj = Marshal.load io.read
42+
- obj.store = self
43+
- obj.parent =
44+
- find_class_or_module(klass_name) || load_class(klass_name) unless
45+
- obj.parent
46+
- obj
47+
- end
48+
+ obj = marshal_load(file)
49+
+ obj.store = self
50+
+ obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name)
51+
+ obj
52+
rescue Errno::ENOENT => e
53+
error = MissingFileError.new(self, file, klass_name + method_name)
54+
error.set_backtrace e.backtrace
55+
@@ -650,11 +642,9 @@ def load_method klass_name, method_name
56+
def load_page page_name
57+
file = page_file page_name
58+
59+
- File.open file, 'rb' do |io|
60+
- obj = Marshal.load io.read
61+
- obj.store = self
62+
- obj
63+
- end
64+
+ obj = marshal_load(file)
65+
+ obj.store = self
66+
+ obj
67+
rescue Errno::ENOENT => e
68+
error = MissingFileError.new(self, file, page_name)
69+
error.set_backtrace e.backtrace
70+
@@ -976,4 +966,21 @@ def unique_modules
71+
@unique_modules
72+
end
73+
74+
+ private
75+
+ def marshal_load(file)
76+
+ File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)}
77+
+ end
78+
+
79+
+ MarshalFilter = proc do |obj|
80+
+ case obj
81+
+ when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text
82+
+ else
83+
+ unless obj.class.name.start_with("RDoc::")
84+
+ raise TypeError, "not permitted class: #{obj.class.name}"
85+
+ end
86+
+ end
87+
+ obj
88+
+ end
89+
+ private_constant :MarshalFilter
90+
+
91+
end
92+
--
93+
2.43.2
94+

resources/patches/ruby_27/0001-Use-safe_load-and-safe_load_file-for-rdoc_options.patch

+57
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
author Marc Deslauriers <[email protected]> 2024-06-19 10:33:00 -0400
2+
committer git-ubuntu importer <[email protected]> 2024-06-26 12:22:56 +0000
3+
commit 7584287c1cf59926252197badedde2cbc08e084c (patch)
4+
tree 246e4fa465245f04c53f82cfb8cfeda7ea843db4
5+
parent 7128299adb87ba73094732751d96621648db1bce (diff)
6+
[PATCH] Use safe_load and safe_load_file for .rdoc_options
7+
Gbp-Pq: CVE-2024-27281-2.patch.
8+
Diffstat
9+
-rw-r--r-- lib/rdoc/rdoc.rb 3
10+
-rw-r--r-- test/rdoc/test_rdoc_options.rb 6
11+
2 files changed, 5 insertions, 4 deletions
12+
diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
13+
index 605172ae..f6105c68 100644
14+
--- a/lib/rdoc/rdoc.rb
15+
+++ b/lib/rdoc/rdoc.rb
16+
@@ -156,8 +156,9 @@ class RDoc::RDoc
17+
RDoc.load_yaml
18+
19+
begin
20+
- options = YAML.load_file '.rdoc_options'
21+
+ options = YAML.safe_load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
22+
rescue Psych::SyntaxError
23+
+ raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
24+
end
25+
26+
raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
27+
diff --git a/test/rdoc/test_rdoc_options.rb b/test/rdoc/test_rdoc_options.rb
28+
index 140c4afc..f547f5bf 100644
29+
--- a/test/rdoc/test_rdoc_options.rb
30+
+++ b/test/rdoc/test_rdoc_options.rb
31+
@@ -145,7 +145,7 @@ class TestRDocOptions < RDoc::TestCase
32+
33+
@options.encoding = Encoding::IBM437
34+
35+
- options = YAML.load YAML.dump @options
36+
+ options = YAML.safe_load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])
37+
38+
assert_equal Encoding::IBM437, options.encoding
39+
end
40+
@@ -161,7 +161,7 @@ rdoc_include:
41+
- /etc
42+
YAML
43+
44+
- options = YAML.load yaml
45+
+ options = YAML.safe_load(yaml, permitted_classes: [RDoc::Options, Symbol])
46+
47+
assert_empty options.rdoc_include
48+
assert_empty options.static_path
49+
@@ -749,7 +749,7 @@ rdoc_include:
50+
51+
assert File.exist? '.rdoc_options'
52+
53+
- assert_equal @options, YAML.load(File.read('.rdoc_options'))
54+
+ assert_equal @options, YAML.safe_load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
55+
end
56+
end
57+

0 commit comments

Comments
 (0)