kuro7-gas 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. data/lib/gas.rb +11 -2
  2. metadata +1 -1
data/lib/gas.rb CHANGED
@@ -16,6 +16,8 @@
16
16
 
17
17
  module Gas
18
18
 
19
+ BUFMAX = 0x7fff
20
+
19
21
  # Gas::Error
20
22
  class Error < StandardError
21
23
  end
@@ -140,32 +142,39 @@ module Gas
140
142
  end
141
143
 
142
144
  @size = decode_num(io)
145
+ raise Gas::Error, "cowardly refusing to read #{@size} bytes", caller if @size > BUFMAX
143
146
  id_size = decode_num(io)
147
+ raise Gas::Error, "cowardly refusing to read #{id_size} bytes", caller if id_size > BUFMAX
144
148
  @id = io.read(id_size)
145
149
  unless @id and @id.size == id_size
146
150
  raise Gas::Error, "failed to read #{'0x%x' % id_size} bytes", caller
147
151
  end
148
152
  nb_attributes = decode_num(io)
153
+ raise Gas::Error, "cowardly refusing to read #{nb_attributes} bytes", caller if nb_attributes > BUFMAX
149
154
  @attributes = Hash.new
150
155
  nb_attributes.times do
151
156
  key_size = decode_num(io)
157
+ raise Gas::Error, "cowardly refusing to read #{key_size} bytes", caller if key_size > BUFMAX
152
158
  key = io.read(key_size)
153
159
  unless key and key.size == key_size
154
160
  raise Gas::Error, "failed to read #{'0x%x' % key_size} bytes" , caller
155
161
  end
156
162
  value_size = decode_num(io)
163
+ raise Gas::Error, "cowardly refusing to read #{value_size} bytes", caller if value_size > BUFMAX
157
164
  value = io.read(value_size)
158
165
  unless value and value.size == value_size
159
- raise Gas::Error, "failed to read #{'0x%x' % value_size} bytes", caller
166
+ raise Gas::Error, "failed to read #{'0x%x' % value_size} bytes",caller
160
167
  end
161
168
  @attributes[key] = value
162
169
  end
163
170
  payload_size = decode_num(io)
171
+ raise Gas::Error, "cowardly refusing to read #{payload_size} bytes", caller if payload_size > BUFMAX
164
172
  @payload = io.read(payload_size)
165
173
  unless @payload and @payload.size == payload_size
166
- raise Gas::Error, "failed to read #{'0x%x' % payload_size} bytes", caller
174
+ raise Gas::Error, "failed to read #{'0x%x' % payload_size} bytes",caller
167
175
  end
168
176
  nb_children = decode_num(io)
177
+ raise Gas::Error, "cowardly refusing to read #{nb_children} bytes", caller if nb_children > BUFMAX
169
178
  @children = Array.new
170
179
  nb_children.times do
171
180
  @children << Chunk.new(io)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kuro7-gas
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.2
4
+ version: 1.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Blanton Black