[Rubygems-developers] [PATCH] Subtle bug in the restricted implementation of tar

Mauricio Fernández batsman.geo at yahoo.com
Tue Aug 24 09:19:14 EDT 2004


On Tue, Aug 24, 2004 at 12:08:50AM +0200, Mauricio Fernández wrote:
> Here's a patch for the test case showcasing the bug (it corresponds to
> the rpa-base tree so I don't know if it will apply cleanly to RubyGems',
> but it should, if you rename the files in the preamble):
> 
> --- tc_Package.rb       (revision 695)
> +++ tc_Package.rb       (working copy)
> @@ -141,6 +141,14 @@
>          assert_equal("", h.prefix)
>          assert_equal("ustar", h.magic)
>      end
> +
> +    def test_new_from_stream_with_evil_name
> +        header = tar_file_header("a \0" + "\0" * 97, "", 012345, 10)
> +        h = nil
> +        header = StringIO.new header
> +        assert_nothing_raised{ h = TarHeader.new_from_stream header }
> +        assert_equal("a ", h.name)
> +    end
>  end
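
Review bot: test_new_from_stream_with_evil_name asserts only on `h.name`, and only for a name whose trailing space is followed by a NUL. The change to new_from_stream below also moves linkname, uname, gname and prefix to `Z`, so the same trailing-space assertion on at least linkname and prefix would keep those fields from regressing unnoticed. A name that fills all 100 bytes with no NUL terminator is the boundary case for `Z100` and deserves its own test. A name such as test_new_from_stream_name_with_trailing_space would also say what is being checked better than "evil_name".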

--- lib/rpa/package.rb  (revision 768)
+++ lib/rpa/package.rb  (working copy)
@@ -41,16 +41,16 @@

     def self.new_from_stream(stream)
         data = stream.read(512)
-        fields = data.unpack( "A100" + # record name
+        fields = data.unpack( "Z100" + # record name
                              "A8A8A8" +        # mode, uid, gid
                              "A12A12" +        # size, mtime
-                             "A8A" +           # checksum, typeflag
-                             "A100" +          # linkname
+                             "A8a" +           # checksum, typeflag
+                             "Z100" +          # linkname
                              "A6A2" +          # magic, version
-                             "A32" +           # uname
-                             "A32" +           # gname
+                             "Z32" +           # uname
+                             "Z32" +           # gname
                              "A8A8" +          # devmajor, devminor
-                             "A155"            # prefix
+                             "Z155"            # prefix
                             )
         name = fields.shift
         mode = fields.shift.oct
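
Review bot: the typeflag directive in `"A8a" +           # checksum, typeflag` changes what callers see. With `A` a NUL or space typeflag unpacked to an empty string, while `a` returns the raw byte, so any code that compares typeflag against "" will stop matching. Please check the users of typeflag, or normalise the value here. The switch from `A` to `Z` on the string fields also needs a short comment saying why: `A` strips trailing spaces as well as NULs, so a name like "a " loses its space, while `Z` reads up to the first NUL and keeps it. Without that comment the next cleanup is likely to change the directives back. Separately, the context line `data = stream.read(512)` is unpacked with no check for a nil or short read, so a truncated archive fails inside unpack rather than with a clear error.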

-- 
Running Debian GNU/Linux Sid (unstable)
batsman dot geo at yahoo dot com


