initial import
This commit is contained in:
91
ruby/CVE-2021-41817-2.patch
Normal file
91
ruby/CVE-2021-41817-2.patch
Normal file
@@ -0,0 +1,91 @@
|
||||
From 8f2d7a0c7e52cea8333824bd527822e5449ed83d Mon Sep 17 00:00:00 2001
|
||||
From: Jean Boussier <jean.boussier@gmail.com>
|
||||
Date: Mon, 15 Nov 2021 11:37:40 +0100
|
||||
Subject: [PATCH] `Date._<format>(nil)` should return an empty Hash
|
||||
|
||||
Fix: https://github.com/ruby/date/issues/39
|
||||
|
||||
This is how versions previous to 3.2.1 behaved and Active Support
|
||||
currently rely on this behavior.
|
||||
|
||||
https://github.com/rails/rails/blob/90357af08048ef5076730505f6e7b14a81f33d0c/activesupport/lib/active_support/values/time_zone.rb#L383-L384
|
||||
|
||||
Any Rails application upgrading to date `3.2.1` might run into unexpected errors.
|
||||
---
|
||||
ext/date/date_core.c | 2 ++
|
||||
test/date/test_date_parse.rb | 18 ++++++++++++++++++
|
||||
2 files changed, 20 insertions(+)
|
||||
|
||||
--- a/ext/date/date_core.c
|
||||
+++ b/ext/date/date_core.c
|
||||
@@ -4335,6 +4335,8 @@
|
||||
static void
|
||||
check_limit(VALUE str, VALUE opt)
|
||||
{
|
||||
+ if (NIL_P(str)) return;
|
||||
+
|
||||
StringValue(str);
|
||||
size_t slen = RSTRING_LEN(str);
|
||||
size_t limit = get_limit(opt);
|
||||
--- a/test/date/test_date_parse.rb
|
||||
+++ b/test/date/test_date_parse.rb
|
||||
@@ -848,6 +848,9 @@
|
||||
|
||||
h = Date._iso8601('')
|
||||
assert_equal({}, h)
|
||||
+
|
||||
+ h = Date._iso8601(nil)
|
||||
+ assert_equal({}, h)
|
||||
end
|
||||
|
||||
def test__rfc3339
|
||||
@@ -863,6 +866,9 @@
|
||||
|
||||
h = Date._rfc3339('')
|
||||
assert_equal({}, h)
|
||||
+
|
||||
+ h = Date._rfc3339(nil)
|
||||
+ assert_equal({}, h)
|
||||
end
|
||||
|
||||
def test__xmlschema
|
||||
@@ -945,6 +951,9 @@
|
||||
|
||||
h = Date._xmlschema('')
|
||||
assert_equal({}, h)
|
||||
+
|
||||
+ h = Date._xmlschema(nil)
|
||||
+ assert_equal({}, h)
|
||||
end
|
||||
|
||||
def test__rfc2822
|
||||
@@ -977,6 +986,9 @@
|
||||
|
||||
h = Date._rfc2822('')
|
||||
assert_equal({}, h)
|
||||
+
|
||||
+ h = Date._rfc2822(nil)
|
||||
+ assert_equal({}, h)
|
||||
end
|
||||
|
||||
def test__httpdate
|
||||
@@ -997,6 +1009,9 @@
|
||||
|
||||
h = Date._httpdate('')
|
||||
assert_equal({}, h)
|
||||
+
|
||||
+ h = Date._httpdate(nil)
|
||||
+ assert_equal({}, h)
|
||||
end
|
||||
|
||||
def test__jisx0301
|
||||
@@ -1073,6 +1088,9 @@
|
||||
|
||||
h = Date._jisx0301('')
|
||||
assert_equal({}, h)
|
||||
+
|
||||
+ h = Date._jisx0301(nil)
|
||||
+ assert_equal({}, h)
|
||||
end
|
||||
|
||||
def test_iso8601
|
||||
Reference in New Issue
Block a user