1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001
From: aycabta <aycabta@gmail.com>
Date: Sun, 2 May 2021 20:52:23 +0900
Subject: [PATCH] [ruby/rdoc] Use File.open to fix the OS Command Injection
vulnerability in CVE-2021-31799
https://github.com/ruby/rdoc/commit/a7f5d6ab88
CVE: CVE-2021-31799
Upstream-Status: Backport[https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
lib/rdoc/rdoc.rb | 2 +-
test/rdoc/test_rdoc_rdoc.rb | 12 ++++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
index 680a8612f7..904625f105 100644
--- a/lib/rdoc/rdoc.rb
+++ b/lib/rdoc/rdoc.rb
@@ -444,7 +444,7 @@ def remove_unparseable files
files.reject do |file, *|
file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or
(file =~ /tags$/i and
- open(file, 'rb') { |io|
+ File.open(file, 'rb') { |io|
io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
})
end
diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
index 3910dd4656..a83d5a1b88 100644
--- a/test/rdoc/test_rdoc_rdoc.rb
+++ b/test/rdoc/test_rdoc_rdoc.rb
@@ -456,6 +456,18 @@ def test_remove_unparseable_tags_vim
end
end
+ def test_remove_unparseable_CVE_2021_31799
+ temp_dir do
+ file_list = ['| touch evil.txt && echo tags']
+ file_list.each do |f|
+ FileUtils.touch f
+ end
+
+ assert_equal file_list, @rdoc.remove_unparseable(file_list)
+ assert_equal file_list, Dir.children('.')
+ end
+ end
+
def test_setup_output_dir
Dir.mktmpdir {|d|
path = File.join d, 'testdir'
--
2.17.1
|