json 2.0.3 → 2.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7f771ff2dbe2582a3e23652725e44a2c04f9ef38
-  data.tar.gz: 1ee70a27e6878091c34a96f65be2dc4e9cb7b509
+  metadata.gz: b03a4476559d2bfc44e9caeb97ff8330abe090c3
+  data.tar.gz: 18c5c1c5311a254df4f512fa33866268185280e4
 SHA512:
-  metadata.gz: e38803d57bcb19d115083216ff027bbf749879c8fc09b676937072f5e1f95d975965c263252a8aeba6581405e09fd423a5bbc7d5ecaa4d6033d9a12bc9da262d
-  data.tar.gz: 80a69daa2ffa65cf6b9824dc77ce5e286a5e021c111d70ec0eb3fdf213a38b83feb48f004b7a2165586405a2f898b1358d5c74b9f6ffee33b627111f9af86208
+  metadata.gz: 28bf1fcbba82b0412226c6ba808d91427e19807aab30d7357d55e7004ce17c3673812ad5067d092d6b8039e77b0ea2006251fcb8a9590ed61bc87dc9364c21da
+  data.tar.gz: 1a1a9702657ad711e48ee470485c5c6101e30ec05b4df6dd0b9d7d524f16f5f0c722f3b672a19e5a6fe9920c014fcb857f6dcfb416ac657cab91dd3bc228be37

data/CHANGES.md

@@ -1,5 +1,10 @@
 # Changes
 
+## 2017-03-23 (2.0.4)
+ * Raise exception for incomplete unicode surrogates/character escape
+   sequences. This problem was reported by Daniel Gollahon (dgollahon).
+ * Fix arbitrary heap exposure problem. This problem was reported by Ahmad
+   Sherif (ahmadsherif).
 
 ## 2017-01-12 (2.0.3)
  * Set `required_ruby_version` to 1.9

data/VERSION

@@ -1 +1 @@
-2.0.3
+2.0.4

data/ext/json/ext/fbuffer/fbuffer.h

@@ -12,9 +12,6 @@
 #define RFLOAT_VALUE(val) (RFLOAT(val)->value)
 #endif
 
-#ifndef RARRAY_PTR
-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
-#endif
 #ifndef RARRAY_LEN
 #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
 #endif

data/ext/json/ext/generator/generator.c

@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
   char *result;
   if (len <= 0) return NULL;
   result = ALLOC_N(char, len);
-  memccpy(result, ptr, 0, len);
+  memcpy(result, ptr, len);
   return result;
 }
 
@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
         }
     } else {
         if (state->indent) ruby_xfree(state->indent);
-        state->indent = strdup(RSTRING_PTR(indent));
+        state->indent = fstrndup(RSTRING_PTR(indent), len);
         state->indent_len = len;
     }
     return Qnil;
@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
         }
     } else {
         if (state->space) ruby_xfree(state->space);
-        state->space = strdup(RSTRING_PTR(space));
+        state->space = fstrndup(RSTRING_PTR(space), len);
         state->space_len = len;
     }
     return Qnil;
@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
         }
     } else {
         if (state->space_before) ruby_xfree(state->space_before);
-        state->space_before = strdup(RSTRING_PTR(space_before));
+        state->space_before = fstrndup(RSTRING_PTR(space_before), len);
         state->space_before_len = len;
     }
     return Qnil;
@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
         }
     } else {
         if (state->object_nl) ruby_xfree(state->object_nl);
-        state->object_nl = strdup(RSTRING_PTR(object_nl));
+        state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
         state->object_nl_len = len;
     }
     return Qnil;
@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
         }
     } else {
         if (state->array_nl) ruby_xfree(state->array_nl);
-        state->array_nl = strdup(RSTRING_PTR(array_nl));
+        state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
         state->array_nl_len = len;
     }
     return Qnil;

data/ext/json/ext/generator/generator.h

@@ -1,7 +1,6 @@
 #ifndef _GENERATOR_H_
 #define _GENERATOR_H_
 
-#include <string.h>
 #include <math.h>
 #include <ctype.h>
 

data/ext/json/ext/parser/parser.c

@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
                     break;
                 case 'u':
                     if (pe > stringEnd - 4) {
-                        return Qnil;
+                      rb_enc_raise(
+                        EXC_ENCODING eParserError,
+                        "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
+                      );
                     } else {
                         UTF32 ch = unescape_unicode((unsigned char *) ++pe);
                         pe += 3;
                         if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
                             pe++;
-                            if (pe > stringEnd - 6) return Qnil;
+                            if (pe > stringEnd - 6) {
+                              rb_enc_raise(
+                                EXC_ENCODING eParserError,
+                                "%u: incomplete surrogate pair at '%s'", __LINE__, p
+                                );
+                            }
                             if (pe[0] == '\\' && pe[1] == 'u') {
                                 UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
                                 ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
 }
 
 
-#line 1475 "parser.c"
+#line 1483 "parser.c"
 enum {JSON_string_start = 1};
 enum {JSON_string_first_final = 8};
 enum {JSON_string_error = 0};
@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0};
 enum {JSON_string_en_main = 1};
 
 
-#line 504 "parser.rl"
+#line 512 "parser.rl"
 
 
 static int
@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Parser *json, char *p, char *pe, VALUE *resu
 
     *result = rb_str_buf_new(0);
 
-#line 1505 "parser.c"
+#line 1513 "parser.c"
 	{
 	cs = JSON_string_start;
 	}
 
-#line 525 "parser.rl"
+#line 533 "parser.rl"
     json->memo = p;
 
-#line 1513 "parser.c"
+#line 1521 "parser.c"
 	{
 	if ( p == pe )
 		goto _test_eof;
@@ -1534,7 +1542,7 @@ case 2:
 		goto st0;
 	goto st2;
 tr2:
-#line 490 "parser.rl"
+#line 498 "parser.rl"
 	{
         *result = json_string_unescape(*result, json->memo + 1, p);
         if (NIL_P(*result)) {
@@ -1545,14 +1553,14 @@ tr2:
             {p = (( p + 1))-1;}
         }
     }
-#line 501 "parser.rl"
+#line 509 "parser.rl"
 	{ p--; {p++; cs = 8; goto _out;} }
 	goto st8;
 st8:
 	if ( ++p == pe )
 		goto _test_eof8;
 case 8:
-#line 1556 "parser.c"
+#line 1564 "parser.c"
 	goto st0;
 st3:
 	if ( ++p == pe )
@@ -1628,7 +1636,7 @@ case 7:
 	_out: {}
 	}
 
-#line 527 "parser.rl"
+#line 535 "parser.rl"
 
     if (json->create_additions && RTEST(match_string = json->match_string)) {
           VALUE klass;
@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
 }
 
 
-#line 1812 "parser.c"
+#line 1820 "parser.c"
 enum {JSON_start = 1};
 enum {JSON_first_final = 10};
 enum {JSON_error = 0};
@@ -1816,7 +1824,7 @@ enum {JSON_error = 0};
 enum {JSON_en_main = 1};
 
 
-#line 720 "parser.rl"
+#line 728 "parser.rl"
 
 
 /*
@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self)
   GET_PARSER;
 
 
-#line 1837 "parser.c"
+#line 1845 "parser.c"
 	{
 	cs = JSON_start;
 	}
 
-#line 736 "parser.rl"
+#line 744 "parser.rl"
   p = json->source;
   pe = p + json->len;
 
-#line 1846 "parser.c"
+#line 1854 "parser.c"
 	{
 	if ( p == pe )
 		goto _test_eof;
@@ -1876,7 +1884,7 @@ st0:
 cs = 0;
 	goto _out;
 tr2:
-#line 712 "parser.rl"
+#line 720 "parser.rl"
 	{
         char *np = JSON_parse_value(json, p, pe, &result, 0);
         if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
@@ -1886,7 +1894,7 @@ st10:
 	if ( ++p == pe )
 		goto _test_eof10;
 case 10:
-#line 1890 "parser.c"
+#line 1898 "parser.c"
 	switch( (*p) ) {
 		case 13: goto st10;
 		case 32: goto st10;
@@ -1975,7 +1983,7 @@ case 9:
 	_out: {}
 	}
 
-#line 739 "parser.rl"
+#line 747 "parser.rl"
 
   if (cs >= JSON_first_final && p == pe) {
     return result;

data/ext/json/ext/parser/parser.rl

@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
                     break;
                 case 'u':
                     if (pe > stringEnd - 4) {
-                        return Qnil;
+                      rb_enc_raise(
+                        EXC_ENCODING eParserError,
+                        "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
+                      );
                     } else {
                         UTF32 ch = unescape_unicode((unsigned char *) ++pe);
                         pe += 3;
                         if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
                             pe++;
-                            if (pe > stringEnd - 6) return Qnil;
+                            if (pe > stringEnd - 6) {
+                              rb_enc_raise(
+                                EXC_ENCODING eParserError,
+                                "%u: incomplete surrogate pair at '%s'", __LINE__, p
+                                );
+                            }
                             if (pe[0] == '\\' && pe[1] == 'u') {
                                 UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
                                 ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)

data/json_pure.gemspec

@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: json_pure 2.0.3 ruby lib
+# stub: json_pure 2.0.4 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "json_pure".freeze
-  s.version = "2.0.3"
+  s.version = "2.0.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Florian Frank".freeze]
-  s.date = "2017-01-12"
+  s.date = "2017-04-10"
   s.description = "This is a JSON implementation in pure Ruby.".freeze
   s.email = "flori@ping.de".freeze
   s.extra_rdoc_files = ["README.md".freeze]
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.licenses = ["Ruby".freeze]
   s.rdoc_options = ["--title".freeze, "JSON implemention for ruby".freeze, "--main".freeze, "README.md".freeze]
   s.required_ruby_version = Gem::Requirement.new(">= 1.9".freeze)
-  s.rubygems_version = "2.6.8".freeze
+  s.rubygems_version = "2.6.11".freeze
   s.summary = "JSON Implementation for Ruby".freeze
   s.test_files = ["./tests/test_helper.rb".freeze]
 

data/lib/json/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 module JSON
   # JSON version
-  VERSION         = '2.0.3'
+  VERSION         = '2.0.4'
   VERSION_ARRAY   = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
   VERSION_MAJOR   = VERSION_ARRAY[0] # :nodoc:
   VERSION_MINOR   = VERSION_ARRAY[1] # :nodoc:

data/tests/json_encoding_test.rb

@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::TestCase
     json = '["\ud840\udc01"]'
     assert_equal json, generate(utf8, :ascii_only => true)
     assert_equal utf8, parse(json)
+    assert_raises(JSON::ParserError) { parse('"\u"') }
+    assert_raises(JSON::ParserError) { parse('"\ud800"') }
   end
 
   def test_chars

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json
 version: !ruby/object:Gem::Version
-  version: 2.0.3
+  version: 2.0.4
 platform: ruby
 authors:
 - Florian Frank
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-12 00:00:00.000000000 Z
+date: 2017-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -180,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: JSON Implementation for Ruby