import-layers/yocto-poky/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch - openbmc/openbmc - Gitiles

 From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001
 From: "K.Kosako" <kosako@sofnec.co.jp>
 Date: Thu, 18 May 2017 17:05:27 +0900
 Subject: [PATCH] fix #55 : check too big code point value for single byte
  value in next_state_val()

 ---
  regparse.c |    3 +++
  1 file changed, 3 insertions(+)

 --- end of original header

 CVE: CVE-2017-9226

 Add check for octal number bigger than 255.

 Upstream-Status: Pending
 Signed-off-by: Joe Slater <joe.slater@windriver.com>


 --- ruby-2.4.1.orig/regparse.c
 +++ ruby-2.4.1/regparse.c
 @@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
    switch (*state) {
    case CCS_VALUE:
      if (*type == CCV_SB) {
 +      if (*from > 0xff)
 +          return ONIGERR_INVALID_CODE_POINT_VALUE;
 +
        BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from));
        if (IS_NOT_NULL(asc_cc))
  	BITSET_SET_BIT(asc_cc->bs, (int )(*from));
	From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001
	From: "K.Kosako" <kosako@sofnec.co.jp>
	Date: Thu, 18 May 2017 17:05:27 +0900
	Subject: [PATCH] fix #55 : check too big code point value for single byte
	value in next_state_val()

	---
	regparse.c \| 3 +++
	1 file changed, 3 insertions(+)

	--- end of original header

	CVE: CVE-2017-9226

	Add check for octal number bigger than 255.

	Upstream-Status: Pending
	Signed-off-by: Joe Slater <joe.slater@windriver.com>


	--- ruby-2.4.1.orig/regparse.c
	+++ ruby-2.4.1/regparse.c
	@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
	switch (*state) {
	case CCS_VALUE:
	if (*type == CCV_SB) {
	+ if (*from > 0xff)
	+ return ONIGERR_INVALID_CODE_POINT_VALUE;
	+
	BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from));
	if (IS_NOT_NULL(asc_cc))
	BITSET_SET_BIT(asc_cc->bs, (int )(*from));