Attachment 696265 Details for Bug 909633 – 3-0-serialize-cve-2013-0277.patch

[patch] 3-0-serialize-cve-2013-0277.patch

3-0-serialize-cve-2013-0277.patch (text/plain), 2.38 KB, created by Kurt Seifried on 2013-02-11 19:57:01 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Kurt Seifried

Created: 2013-02-11 19:57:01 UTC

Size: 2.38 KB

patch

obsolete

>From 13b1b381de048e00f06fbab410d9d3ecc26460b9 Mon Sep 17 00:00:00 2001
>From: Tobias Kraze <tobias@kraze.eu>
>Date: Fri, 8 Feb 2013 12:52:10 +0100
>Subject: [PATCH] fix serialization vulnerability
>
>---
> .../lib/active_record/attribute_methods/write.rb   |    9 ++++++++-
> activerecord/test/cases/base_test.rb               |    6 ++++++
> 2 files changed, 14 insertions(+), 1 deletion(-)
>
>diff --git a/activerecord/lib/active_record/attribute_methods/write.rb b/activerecord/lib/active_record/attribute_methods/write.rb
>index 3c4dab3..4684c4b 100644
>--- a/activerecord/lib/active_record/attribute_methods/write.rb
>+++ b/activerecord/lib/active_record/attribute_methods/write.rb
>@@ -10,7 +10,14 @@ module ActiveRecord
>       module ClassMethods
>         protected
>           def define_method_attribute=(attr_name)
>-            if attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
>+            if self.serialized_attributes[attr_name]
>+              generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|
>+                if new_value.is_a?(String) and new_value =~ /^---/
>+                  raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues."
>+                end
>+                write_attribute(attr_name, new_value)
>+              end
>+            elsif attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
>               generated_attribute_methods.module_eval("def #{attr_name}=(new_value); write_attribute('#{attr_name}', new_value); end", __FILE__, __LINE__)
>             else
>               generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|
>diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb
>index 0894c7d..eb39c10 100644
>--- a/activerecord/test/cases/base_test.rb
>+++ b/activerecord/test/cases/base_test.rb
>@@ -1040,6 +1040,12 @@ class BasicsTest < ActiveRecord::TestCase
>     assert_nil topic.content
>   end
> 
>+  def test_should_raise_exception_on_assigning_already_serialized_content
>+    topic = Topic.new
>+    serialized_content = %w[foo bar].to_yaml
>+    assert_raise(ActiveRecord::ActiveRecordError) { topic.content = serialized_content }
>+  end
>+
>   def test_should_raise_exception_on_serialized_attribute_with_type_mismatch
>     myobj = MyObject.new('value1', 'value2')
>     topic = Topic.new(:content => myobj)
>-- 
>1.7.9.5
>

Actions: View | Diff

Attachments on bug 909633: 696264 | 696265