NZKoz / bigdecimal-segfault-fix
watch download tarball
public
Forks3Right
Watchers14Right
Description: Provides a quick workaround for the segfault bug in Ruby (CVE-2009-1904)
Homepage: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
Clone URL: git://github.com/NZKoz/bigdecimal-segfault-fix.git
bigdecimal-segfault-fix / lib / bigdecimal-segfault-fix.rb
100644 31 lines (24 sloc) 1.232 kb
raw blame history 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# Copyright (c) 2009 Michael Koziarski <michael@koziarski.com>
# 
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
# 
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
require 'bigdecimal'
 
alias BigDecimalUnsafe BigDecimal
 
 
# This fixes CVE-2009-1904 however it removes legitimate functionality that your
# application may depend on.  You are *strongly* advised to upgrade your ruby
# rather than relying on this fix for an extended period of time.
 
def BigDecimal(initial, digits=0)
  if initial.size > 255 || initial =~ /e/i
    raise "Invalid big Decimal Value"
  end
  BigDecimalUnsafe(initial, digits)
end