* lib/resolv.rb: randomize source port and transaction id.
  CVE-2008-1447.

* lib/resolv-replace.rb (UDPSocket#bind): don't resolv host if host is
  "".


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8_7@18424 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
akr committed Aug 8, 2008
1 parent a27294b commit 5c94ad2
Showing 3 changed files with 170 additions and 115 deletions.
8 changes: 8 additions & 0 deletions ChangeLog
@@ -1,3 +1,11 @@
Fri Aug 8 10:53:52 2008 Tanaka Akira <akr@fsij.org>

* lib/resolv.rb: randomize source port and transaction id.
CVE-2008-1447.

* lib/resolv-replace.rb (UDPSocket#bind): don't resolv host if host is
"".

Mon Aug 4 14:49:35 2008 URABE Shyouhei <shyouhei@ruby-lang.org>

* lib/net/smtp.rb (Net::SMTP::rcptto): fix a typo. a patch from
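Review bot: The lib/resolv.rb entry says the source port and transaction id are randomized but not where the randomness comes from, and for a change tagged CVE-2008-1447 that is the detail a later reader will look for; name the random source in the entry. The lib/resolv-replace.rb entry likewise records what changed without the reason an empty host must skip resolution; a half-line of rationale would show how it relates to the resolv.rb change, if that is why it is part of this commit.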
3 changes: 2 additions & 1 deletion lib/resolv-replace.rb
Expand Up @@ -23,7 +23,8 @@ def initialize(host, serv, *rest)
class UDPSocket
alias original_resolv_bind bind
def bind(host, port)
original_resolv_bind(IPSocket.getaddress(host), port)
host = IPSocket.getaddress(host) if host != ""
original_resolv_bind(host, port)
end

alias original_resolv_connect connect
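Review bot: In UDPSocket#bind the new guard `host != ""` exempts only the empty string from IPSocket.getaddress, so any other non-name value a caller might pass (nil, for instance) still reaches the resolver, and the hunk gives no hint why "" is special. Add a comment above the guard stating what an empty host means to the underlying bind and that it is the only form this wrapper passes through unresolved. The `connect` wrapper aliased just below is worth checking for the same empty-host case, and a small test that `bind("", 0)` succeeds with resolv-replace loaded would pin the behaviour.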