author | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-02-16 08:08:06 +0000 |
---|---|---|
committer | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-02-16 08:08:06 +0000 |
commit | 7619cb3d7dcc9920a72ff5f2bc5546a5971fbab4 (patch) | |
tree | 1fe1f557eadc8ce3bd7b180434153e6420a7436b /test/rubygems/test_gem_package_tar_header.rb | |
parent | 7a453b157661561146ce84d821d6c5c18a5368df (diff) | |
download | ruby-7619cb3d7dcc9920a72ff5f2bc5546a5971fbab4.tar.gz |
Merge RubyGems 2.7.6 from upstream.
It fixed some security vulnerabilities.
http://blog.rubygems.org/2018/02/15/2.7.6-released.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/rubygems/test_gem_package_tar_header.rb')
-rw-r--r-- | test/rubygems/test_gem_package_tar_header.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/test/rubygems/test_gem_package_tar_header.rb b/test/rubygems/test_gem_package_tar_header.rb
index d33877057d..a0719a7531 100644
--- a/test/rubygems/test_gem_package_tar_header.rb
+++ b/test/rubygems/test_gem_package_tar_header.rb
@@ -143,5 +143,25 @@ group\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
 assert_equal '012467', @tar_header.checksum
 end
+ def test_from_bad_octal
+ test_cases = [
+ "00000006,44\000", # bogus character
+ "00000006789\000", # non-octal digit
+ "+0000001234\000", # positive sign
+ "-0000001000\000", # negative sign
+ "0x000123abc\000", # radix prefix
+ ]
+
+ test_cases.each do |val|
+ header_s = @tar_header.to_s
+ # overwrite the size field
+ header_s[124, 12] = val
+ io = TempIO.new header_s
+ assert_raises ArgumentError do
+ new_header = Gem::Package::TarHeader.from io
+ end
+ end
+ end
+
 end |
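Review bot: Only the size field is exercised in `test_from_bad_octal` (`header_s[124, 12] = val`), so lenient conversion of any other octal header field (mode, uid, gid, mtime, checksum) would still pass. The parser is not on this page, so it is worth confirming that those fields take the same strict path and giving each at least one bad-value case. Inside the loop, `assert_raises ArgumentError do` carries no message, so a failure does not say which value was accepted; `assert_raises ArgumentError, "accepted size field #{val.inspect}" do` would name it. The local in `new_header = Gem::Package::TarHeader.from io` is never read and should draw an unused-variable warning under `-w`; the bare call `Gem::Package::TarHeader.from io` is enough. A one-line comment above `test_cases`, such as `# String#oct accepts signs and radix prefixes and stops at the first non-octal character`, would record why these five shapes were chosen.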