master

分支 (15)

标签 (12)

管理

管理

master

openEuler-22.03-LTS-SP1

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP2

openEuler-23.09

openEuler-22.03-LTS

openEuler-23.03

openEuler-22.09

openEuler-21.03

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-21.09

openEuler-20.09

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

rubygem-activerecord
/
CVE-2022-44566.patch

From 82bcdc011e2ff674e7dd8fd8cee3a831c908d29b Mon Sep 17 00:00:00 2001
From: Zack Deveau <zack.ref@gmail.com>
Date: Mon, 21 Nov 2022 17:11:31 -0500
Subject: [PATCH] Added integer width check to PostgreSQL::Quoting

Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric.
Comparing integer values against numeric values can result
in a slow sequential scan.

This behavior is configurable via
ActiveRecord.raise_int_wider_than_64bit which defaults to true.

[CVE-2022-44566]
---
 activerecord-7.0.4/lib/active_record.rb             |  8 ++++++
 .../connection_adapters/postgresql/quoting.rb | 26 +++++++++++++++++
 .../cases/adapters/postgresql/quoting_test.rb | 28 +++++++++++++++++++
 3 files changed, 85 insertions(+)

diff --git a/activerecord-7.0.4/lib/active_record.rb b/activerecord-7.0.4/lib/active_record.rb
index d553fe5c7c..4f6e5493e7 100644
--- a/activerecord-7.0.4/lib/active_record.rb
+++ b/activerecord-7.0.4/lib/active_record.rb
@@ -347,6 +347,14 @@ def self.global_executor_concurrency # :nodoc:
   singleton_class.attr_accessor :use_yaml_unsafe_load
   self.use_yaml_unsafe_load = false

+  ##
+  # :singleton-method:
+  # Application configurable boolean that denotes whether or not to raise
+  # an exception when the PostgreSQLAdapter is provided with an integer that
+  # is wider than signed 64bit representation
+  singleton_class.attr_accessor :raise_int_wider_than_64bit
+  self.raise_int_wider_than_64bit = true
+
   ##
   # :singleton-method:
   # Application configurable array that provides additional permitted classes
diff --git a/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb b/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb
index 0d1cd8b02d..d5591dbe00 100644
--- a/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb
+++ b/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb
@@ -4,6 +4,12 @@
   module ConnectionAdapters
     module PostgreSQL
       module Quoting
+        class IntegerOutOf64BitRange < StandardError
+          def initialize(msg)
+            super(msg)
+          end
+        end
+
         # Escapes binary strings for bytea input to the database.
         def escape_bytea(value)
           @connection.escape_bytea(value) if value
@@ -16,7 +22,27 @@ def unescape_bytea(value)
           @connection.unescape_bytea(value) if value
         end

+        def check_int_in_range(value)
+          if value.to_int > 9223372036854775807 || value.to_int < -9223372036854775808
+            exception = <<~ERROR
+              Provided value outside of the range of a signed 64bit integer.
+
+              PostgreSQL will treat the column type in question as a numeric.
+              This may result in a slow sequential scan due to a comparison
+              being performed between an integer or bigint value and a numeric value.
+
+              To allow for this potentially unwanted behavior, set
+              ActiveRecord.raise_int_wider_than_64bit to false.
+            ERROR
+            raise IntegerOutOf64BitRange.new exception
+          end
+        end
+
         def quote(value) # :nodoc:
+          if ActiveRecord.raise_int_wider_than_64bit && value.is_a?(Integer)
+            check_int_in_range(value)
+          end
+
           case value
           when OID::Xml::Data
             "xml '#{quote_string(value.to_s)}'"
diff --git a/test/cases/adapters/postgresql/quoting_test.rb b/test/cases/adapters/postgresql/quoting_test.rb
index d571355a9c..7e01defd96 100644
--- a/test/cases/adapters/postgresql/quoting_test.rb
+++ b/test/cases/adapters/postgresql/quoting_test.rb
@@ -8,6 +8,7 @@
       class QuotingTest < ActiveRecord::PostgreSQLTestCase
         def setup
           @conn = ActiveRecord::Base.connection
+          @raise_int_wider_than_64bit = ActiveRecord.raise_int_wider_than_64bit
         end

         def test_type_cast_true
@@ -44,6 +45,33 @@ def test_quote_table_name_with_spaces
           value = "user posts"
           assert_equal "\"user posts\"", @conn.quote_table_name(value)
         end
+
+        def test_raise_when_int_is_wider_than_64bit
+          value = 9223372036854775807 + 1
+          assert_raise ActiveRecord::ConnectionAdapters::PostgreSQL::Quoting::IntegerOutOf64BitRange do
+            @conn.quote(value)
+          end
+
+          value = -9223372036854775808 - 1
+          assert_raise ActiveRecord::ConnectionAdapters::PostgreSQL::Quoting::IntegerOutOf64BitRange do
+            @conn.quote(value)
+          end
+        end
+
+        def test_do_not_raise_when_int_is_not_wider_than_64bit
+          value = 9223372036854775807
+          assert_equal "9223372036854775807", @conn.quote(value)
+
+          value = -9223372036854775808
+          assert_equal "-9223372036854775808", @conn.quote(value)
+        end
+
+        def test_do_not_raise_when_raise_int_wider_than_64bit_is_false
+          ActiveRecord.raise_int_wider_than_64bit = false
+          value = 9223372036854775807 + 1
+          assert_equal "9223372036854775808", @conn.quote(value)
+          ActiveRecord.raise_int_wider_than_64bit = @raise_int_wider_than_64bit
+        end
       end
     end
   end
--
2.35.1