NZKoz / bigdecimal-segfault-fix
Tree: 0aaf499
bigdecimal-segfault-fix/lib/bigdecimal-segfault-fix.rb
Commit 4f9e1dfa, NZKoz, 2009-06-08

```ruby
# Copyright (c) 2009 Michael Koziarski <michael@koziarski.com>
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

require 'bigdecimal'

# Keep a handle on the original Kernel#BigDecimal so the guarded version
# below can delegate to it once the input has been checked.
alias BigDecimalUnsafe BigDecimal


# This fixes CVE-2009-1904; however, it removes legitimate functionality that your
# application may depend on. You are *strongly* advised to upgrade your ruby
# rather than relying on this fix for an extended period of time.

# Reject over-long strings and exponent notation before they reach the
# native parser; everything else is passed through unchanged.
def BigDecimal(initial, digits=0)
  if initial.size > 255 || initial =~ /e/i
    raise "Invalid big Decimal Value"
  end
  BigDecimalUnsafe(initial, digits)
end
```
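The wrapper above blocks the dangerous inputs with a deny-list (length and any `e`). As an added example that is not part of NZKoz's repository, the same guard written as an allow-list: only a bounded-length plain decimal literal reaches `BigDecimal`, and the caller gets `nil` rather than an exception for anything else. The module name, `MAX_LENGTH`, and the regex are assumptions chosen for this illustration.

```ruby
require 'bigdecimal'

# Added example, not the repository's own code: an allow-list front end for
# BigDecimal. The native parser never sees anything that does not match a
# small, explicit grammar, so oversized or exponent-form strings are dropped
# before they can reach the code path fixed for CVE-2009-1904.
module GuardedBigDecimal
  MAX_LENGTH = 255                              # same bound the page's wrapper uses

  # Optional sign, one or more digits, optional fraction. No exponent, no
  # whitespace, no hex prefix, no trailing newline (\z, not \Z).
  DECIMAL_LITERAL = /\A[+-]?\d+(?:\.\d+)?\z/

  # True only for inputs we are willing to hand to the native parser.
  # Non-String values are rejected outright instead of raising NoMethodError.
  def self.acceptable?(value)
    value.is_a?(String) &&
      value.bytesize <= MAX_LENGTH &&
      DECIMAL_LITERAL.match?(value)
  end

  # Returns a BigDecimal for a well-formed literal, nil otherwise, so callers
  # can log and reject bad input without rescuing exceptions.
  def self.parse(value)
    return nil unless acceptable?(value)
    BigDecimal(value)
  end
end

# Constructed sample inputs: the first two are legitimate, the rest are the
# kinds of values the guard exists to stop.
SAMPLES = ["123.45", "-0.5", "1e400", "1" * 256, "0x1F", "1.5\n", 12].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts "#{s.inspect[0, 20]} -> #{GuardedBigDecimal.parse(s).inspect}"
  end
end
```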
