Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

taint flag #5411

Merged
merged 1 commit into from Nov 3, 2018

Conversation

Projects
None yet
2 participants
@ahorek
Copy link
Contributor

ahorek commented Nov 3, 2018

https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

Array#pack('M')
Array#pack('m')
Array#pack('u')

returns a tainted string when a pack argument is tainted

Array#pack('p')
Array#pack('P')

not implemented on jruby

pavel

@ahorek ahorek force-pushed the ahorek:taint branch from 2a0e39b to 89047d9 Nov 3, 2018

@kares kares merged commit 15bb169 into jruby:master Nov 3, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@kares kares added this to the JRuby 9.2.1.0 milestone Nov 3, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.