
Fixed a code-injection in Gem::Specification#ruby_code.

* Explanation and Proof of Concept (PoC) exploit against this
  vulnerability:
  * https://github.com/sophsec/rubygems-pwn
  * https://rubygems.org/gems/rubygems-pwn
1 parent a33bf96 commit 6ff4e0eed52ef066fe331853dc6b0c4ae429097b @postmodern postmodern committed Aug 25, 2011
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/rubygems/specification.rb
4 lib/rubygems/specification.rb
@@ -1914,10 +1914,10 @@ def ri_dir
def ruby_code(obj)
case obj
- when String then '%q{' + obj + '}'
+ when String then obj.inspect
when Array then '[' + obj.map { |x| ruby_code x }.join(", ") + ']'
when Hash then
- seg = obj.keys.sort.map { |k| "%q{#{k}} => %q{#{obj[k]}}" }
+ seg = obj.keys.sort.map { |k| "#{ruby_code k} => #{ruby_code obj[k]}" }
"{ #{seg.join(', ')} }"
when Gem::Version then obj.to_s.inspect
when Date then '%q{' + obj.strftime('%Y-%m-%d') + '}'
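
Review bot: The Date branch on the last context line still builds its literal by concatenating into '%q{' ... '}', which leaves it as the only branch shown that does not escape its output. The fixed '%Y-%m-%d' format cannot produce a brace, so it is not exploitable as written, but switching it to obj.strftime('%Y-%m-%d').inspect would match the String and Gem::Version branches and remove the pattern from the method entirely. Two further points: Hash keys and values now go through ruby_code instead of being interpolated into %q{}, so a non-String key or value is serialized by its own branch rather than as a string, and that behaviour change deserves a line in the commit message. The commit also touches only lib/rubygems/specification.rb, so a regression test that round-trips a String and a Hash entry containing an unbalanced closing brace through ruby_code should accompany it.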
