json_pure 2.0.3 → 2.0.4

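--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 599eefe7c422d40c2ff44c43c1b23ea43b975d7c
- data.tar.gz: 62794b8c0ecc154922fbfaa29216a7fb881307b2
+ metadata.gz: b23de3bf1ee0fe28a7c557f8f004ed78008e183f
+ data.tar.gz: 18c5c1c5311a254df4f512fa33866268185280e4
  SHA512:
- metadata.gz: 7863446d00a6da77b9d8a60394c464010cef20bd47994ff386d3794dbd70b110c22273395241b0ded1ecd3ec05fdc4307572f20746f09869afe7260856dd0dcd
- data.tar.gz: 4a34ea97107f72aa3ade90e03e9effa78cda56b434b89151b67941f56426ffd76b5e35c987655d8f4473d14edc56686650847d897f3ce681a73472012e78b730
+ metadata.gz: e04b89c73f033246890c908deb5af1e51bd066286341e119cfbd2ac1c97727a3d65150b0a39484aead58c02fb8bedd6a378231bc8df2de29edee78351031a798
+ data.tar.gz: 1a1a9702657ad711e48ee470485c5c6101e30ec05b4df6dd0b9d7d524f16f5f0c722f3b672a19e5a6fe9920c014fcb857f6dcfb416ac657cab91dd3bc228be37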
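--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,5 +1,10 @@
  # Changes
 
+ ## 2017-03-23 (2.0.4)
+ * Raise exception for incomplete unicode surrogates/character escape
+ sequences. This problem was reported by Daniel Gollahon (dgollahon).
+ * Fix arbitrary heap exposure problem. This problem was reported by Ahmad
+ Sherif (ahmadsherif).
 
  ## 2017-01-12 (2.0.3)
  * Set `required_ruby_version` to 1.9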
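--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 2.0.3
+ 2.0.4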
@@ -12,9 +12,6 @@
12
12
  #define RFLOAT_VALUE(val) (RFLOAT(val)->value)
13
13
  #endif
14
14
 
15
- #ifndef RARRAY_PTR
16
- #define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
17
- #endif
18
15
  #ifndef RARRAY_LEN
19
16
  #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
20
17
  #endif
@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
308
308
  char *result;
309
309
  if (len <= 0) return NULL;
310
310
  result = ALLOC_N(char, len);
311
- memccpy(result, ptr, 0, len);
311
+ memcpy(result, ptr, len);
312
312
  return result;
313
313
  }
314
314
 
@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
1062
1062
  }
1063
1063
  } else {
1064
1064
  if (state->indent) ruby_xfree(state->indent);
1065
- state->indent = strdup(RSTRING_PTR(indent));
1065
+ state->indent = fstrndup(RSTRING_PTR(indent), len);
1066
1066
  state->indent_len = len;
1067
1067
  }
1068
1068
  return Qnil;
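Review bot: In the `else` branch the old buffer is released with `ruby_xfree(state->indent)` before `fstrndup` allocates the replacement, so if `ALLOC_N` inside `fstrndup` raises (as Ruby's allocator is expected to on memory exhaustion), `state->indent` is left pointing at freed memory while the state object stays reachable. Allocating first closes that window: `char *copy = fstrndup(RSTRING_PTR(indent), len);`, then `if (state->indent) ruby_xfree(state->indent);` and `state->indent = copy;`. The same ordering appears in the hunks for cState_space_set, cState_space_before_set, cState_object_nl_set and cState_array_nl_set. Because the copy is now exactly `len` bytes with no terminating NUL, every reader of these fields has to bound itself by the matching `*_len` field, and a one-line comment on `fstrndup` saying so would keep a later `strlen` from creeping in. Each setter begins and ends outside its hunk, so where `len` comes from is not visible here.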
@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
1100
1100
  }
1101
1101
  } else {
1102
1102
  if (state->space) ruby_xfree(state->space);
1103
- state->space = strdup(RSTRING_PTR(space));
1103
+ state->space = fstrndup(RSTRING_PTR(space), len);
1104
1104
  state->space_len = len;
1105
1105
  }
1106
1106
  return Qnil;
@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
1136
1136
  }
1137
1137
  } else {
1138
1138
  if (state->space_before) ruby_xfree(state->space_before);
1139
- state->space_before = strdup(RSTRING_PTR(space_before));
1139
+ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
1140
1140
  state->space_before_len = len;
1141
1141
  }
1142
1142
  return Qnil;
@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
1173
1173
  }
1174
1174
  } else {
1175
1175
  if (state->object_nl) ruby_xfree(state->object_nl);
1176
- state->object_nl = strdup(RSTRING_PTR(object_nl));
1176
+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
1177
1177
  state->object_nl_len = len;
1178
1178
  }
1179
1179
  return Qnil;
@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
1208
1208
  }
1209
1209
  } else {
1210
1210
  if (state->array_nl) ruby_xfree(state->array_nl);
1211
- state->array_nl = strdup(RSTRING_PTR(array_nl));
1211
+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
1212
1212
  state->array_nl_len = len;
1213
1213
  }
1214
1214
  return Qnil;
@@ -1,7 +1,6 @@
1
1
  #ifndef _GENERATOR_H_
2
2
  #define _GENERATOR_H_
3
3
 
4
- #include <string.h>
5
4
  #include <math.h>
6
5
  #include <ctype.h>
7
6
 
@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
1435
1435
  break;
1436
1436
  case 'u':
1437
1437
  if (pe > stringEnd - 4) {
1438
- return Qnil;
1438
+ rb_enc_raise(
1439
+ EXC_ENCODING eParserError,
1440
+ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
1441
+ );
1439
1442
  } else {
1440
1443
  UTF32 ch = unescape_unicode((unsigned char *) ++pe);
1441
1444
  pe += 3;
1442
1445
  if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
1443
1446
  pe++;
1444
- if (pe > stringEnd - 6) return Qnil;
1447
+ if (pe > stringEnd - 6) {
1448
+ rb_enc_raise(
1449
+ EXC_ENCODING eParserError,
1450
+ "%u: incomplete surrogate pair at '%s'", __LINE__, p
1451
+ );
1452
+ }
1445
1453
  if (pe[0] == '\\' && pe[1] == 'u') {
1446
1454
  UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
1447
1455
  ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
1471
1479
  }
1472
1480
 
1473
1481
 
1474
- #line 1475 "parser.c"
1482
+ #line 1483 "parser.c"
1475
1483
  enum {JSON_string_start = 1};
1476
1484
  enum {JSON_string_first_final = 8};
1477
1485
  enum {JSON_string_error = 0};
@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0};
1479
1487
  enum {JSON_string_en_main = 1};
1480
1488
 
1481
1489
 
1482
- #line 504 "parser.rl"
1490
+ #line 512 "parser.rl"
1483
1491
 
1484
1492
 
1485
1493
  static int
@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Parser *json, char *p, char *pe, VALUE *resu
1501
1509
 
1502
1510
  *result = rb_str_buf_new(0);
1503
1511
 
1504
- #line 1505 "parser.c"
1512
+ #line 1513 "parser.c"
1505
1513
  {
1506
1514
  cs = JSON_string_start;
1507
1515
  }
1508
1516
 
1509
- #line 525 "parser.rl"
1517
+ #line 533 "parser.rl"
1510
1518
  json->memo = p;
1511
1519
 
1512
- #line 1513 "parser.c"
1520
+ #line 1521 "parser.c"
1513
1521
  {
1514
1522
  if ( p == pe )
1515
1523
  goto _test_eof;
@@ -1534,7 +1542,7 @@ case 2:
1534
1542
  goto st0;
1535
1543
  goto st2;
1536
1544
  tr2:
1537
- #line 490 "parser.rl"
1545
+ #line 498 "parser.rl"
1538
1546
  {
1539
1547
  *result = json_string_unescape(*result, json->memo + 1, p);
1540
1548
  if (NIL_P(*result)) {
@@ -1545,14 +1553,14 @@ tr2:
1545
1553
  {p = (( p + 1))-1;}
1546
1554
  }
1547
1555
  }
1548
- #line 501 "parser.rl"
1556
+ #line 509 "parser.rl"
1549
1557
  { p--; {p++; cs = 8; goto _out;} }
1550
1558
  goto st8;
1551
1559
  st8:
1552
1560
  if ( ++p == pe )
1553
1561
  goto _test_eof8;
1554
1562
  case 8:
1555
- #line 1556 "parser.c"
1563
+ #line 1564 "parser.c"
1556
1564
  goto st0;
1557
1565
  st3:
1558
1566
  if ( ++p == pe )
@@ -1628,7 +1636,7 @@ case 7:
1628
1636
  _out: {}
1629
1637
  }
1630
1638
 
1631
- #line 527 "parser.rl"
1639
+ #line 535 "parser.rl"
1632
1640
 
1633
1641
  if (json->create_additions && RTEST(match_string = json->match_string)) {
1634
1642
  VALUE klass;
@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
1808
1816
  }
1809
1817
 
1810
1818
 
1811
- #line 1812 "parser.c"
1819
+ #line 1820 "parser.c"
1812
1820
  enum {JSON_start = 1};
1813
1821
  enum {JSON_first_final = 10};
1814
1822
  enum {JSON_error = 0};
@@ -1816,7 +1824,7 @@ enum {JSON_error = 0};
1816
1824
  enum {JSON_en_main = 1};
1817
1825
 
1818
1826
 
1819
- #line 720 "parser.rl"
1827
+ #line 728 "parser.rl"
1820
1828
 
1821
1829
 
1822
1830
  /*
@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self)
1833
1841
  GET_PARSER;
1834
1842
 
1835
1843
 
1836
- #line 1837 "parser.c"
1844
+ #line 1845 "parser.c"
1837
1845
  {
1838
1846
  cs = JSON_start;
1839
1847
  }
1840
1848
 
1841
- #line 736 "parser.rl"
1849
+ #line 744 "parser.rl"
1842
1850
  p = json->source;
1843
1851
  pe = p + json->len;
1844
1852
 
1845
- #line 1846 "parser.c"
1853
+ #line 1854 "parser.c"
1846
1854
  {
1847
1855
  if ( p == pe )
1848
1856
  goto _test_eof;
@@ -1876,7 +1884,7 @@ st0:
1876
1884
  cs = 0;
1877
1885
  goto _out;
1878
1886
  tr2:
1879
- #line 712 "parser.rl"
1887
+ #line 720 "parser.rl"
1880
1888
  {
1881
1889
  char *np = JSON_parse_value(json, p, pe, &result, 0);
1882
1890
  if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
@@ -1886,7 +1894,7 @@ st10:
1886
1894
  if ( ++p == pe )
1887
1895
  goto _test_eof10;
1888
1896
  case 10:
1889
- #line 1890 "parser.c"
1897
+ #line 1898 "parser.c"
1890
1898
  switch( (*p) ) {
1891
1899
  case 13: goto st10;
1892
1900
  case 32: goto st10;
@@ -1975,7 +1983,7 @@ case 9:
1975
1983
  _out: {}
1976
1984
  }
1977
1985
 
1978
- #line 739 "parser.rl"
1986
+ #line 747 "parser.rl"
1979
1987
 
1980
1988
  if (cs >= JSON_first_final && p == pe) {
1981
1989
  return result;
@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
446
446
  break;
447
447
  case 'u':
448
448
  if (pe > stringEnd - 4) {
449
- return Qnil;
449
+ rb_enc_raise(
450
+ EXC_ENCODING eParserError,
451
+ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
452
+ );
450
453
  } else {
451
454
  UTF32 ch = unescape_unicode((unsigned char *) ++pe);
452
455
  pe += 3;
453
456
  if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
454
457
  pe++;
455
- if (pe > stringEnd - 6) return Qnil;
458
+ if (pe > stringEnd - 6) {
459
+ rb_enc_raise(
460
+ EXC_ENCODING eParserError,
461
+ "%u: incomplete surrogate pair at '%s'", __LINE__, p
462
+ );
463
+ }
456
464
  if (pe[0] == '\\' && pe[1] == 'u') {
457
465
  UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
458
466
  ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
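Review bot: The first bound, `if (pe > stringEnd - 4)`, still lets `pe == stringEnd - 4` through, and the `else` branch then passes `pe + 1` to `unescape_unicode`, which presumably consumes four hex digits, the last of them at `stringEnd` itself. If `stringEnd` is exclusive (it looks like the position of the closing quote, though the caller is outside this hunk), an escape with only three hex digits is not reported as incomplete and the boundary byte is read as a digit; `if (pe > stringEnd - 5)` would make this check consistent with the surrogate check, which does require all six bytes to lie before `stringEnd`. Separately, both new messages format `p` (declared outside the hunk) with `%s`, which relies on the buffer behind it being NUL-terminated and copies everything up to that terminator into the exception text. json_string_unescape starts and ends outside the hunk, and the identical lines in the generated parser.c hunk earlier on the page would follow once the Ragel source is regenerated.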
Binary file
@@ -1,14 +1,14 @@
1
1
  # -*- encoding: utf-8 -*-
2
- # stub: json_pure 2.0.3 ruby lib
2
+ # stub: json_pure 2.0.4 ruby lib
3
3
 
4
4
  Gem::Specification.new do |s|
5
5
  s.name = "json_pure".freeze
6
- s.version = "2.0.3"
6
+ s.version = "2.0.4"
7
7
 
8
8
  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
9
9
  s.require_paths = ["lib".freeze]
10
10
  s.authors = ["Florian Frank".freeze]
11
- s.date = "2017-01-12"
11
+ s.date = "2017-04-10"
12
12
  s.description = "This is a JSON implementation in pure Ruby.".freeze
13
13
  s.email = "flori@ping.de".freeze
14
14
  s.extra_rdoc_files = ["README.md".freeze]
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
17
17
  s.licenses = ["Ruby".freeze]
18
18
  s.rdoc_options = ["--title".freeze, "JSON implemention for ruby".freeze, "--main".freeze, "README.md".freeze]
19
19
  s.required_ruby_version = Gem::Requirement.new(">= 1.9".freeze)
20
- s.rubygems_version = "2.6.8".freeze
20
+ s.rubygems_version = "2.6.11".freeze
21
21
  s.summary = "JSON Implementation for Ruby".freeze
22
22
  s.test_files = ["./tests/test_helper.rb".freeze]
23
23
 
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: false
2
2
  module JSON
3
3
  # JSON version
4
- VERSION = '2.0.3'
4
+ VERSION = '2.0.4'
5
5
  VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
6
6
  VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc:
7
7
  VERSION_MINOR = VERSION_ARRAY[1] # :nodoc:
@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::TestCase
79
79
  json = '["\ud840\udc01"]'
80
80
  assert_equal json, generate(utf8, :ascii_only => true)
81
81
  assert_equal utf8, parse(json)
82
+ assert_raises(JSON::ParserError) { parse('"\u"') }
83
+ assert_raises(JSON::ParserError) { parse('"\ud800"') }
82
84
  end
83
85
 
84
86
  def test_chars
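Review bot: The two added assertions cover an escape with no hex digits (`"\u"`) and a lone high surrogate (`"\ud800"`), but nothing sits on the boundaries of the new length checks. Cases such as `assert_raises(JSON::ParserError) { parse('"\u12"') }`, the same with `'"\u123"'`, and a high surrogate followed by a truncated low one, `'"\ud800\udc"'`, would pin down where "incomplete" begins. None of the test changes shown on this page exercises the generator fix either, for example an `indent` or `space` value containing a NUL byte. The enclosing test method starts outside the hunk.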
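--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: json_pure
  version: !ruby/object:Gem::Version
- version: 2.0.3
+ version: 2.0.4
  platform: ruby
  authors:
  - Florian Frank
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-01-12 00:00:00.000000000 Z
+ date: 2017-04-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -177,7 +177,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.8
+ rubygems_version: 2.6.11
  signing_key:
  specification_version: 4
  summary: JSON Implementation for Ruby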