Sophie

Sophie

distrib > Fedora > 17 > i386 > media > updates-src > by-pkgid > 159ba94d8f0826af9300ab18d2a9ef3e > files > 11

rubygem-activerecord-3.0.11-6.fc17.src.rpm

From 13b1b381de048e00f06fbab410d9d3ecc26460b9 Mon Sep 17 00:00:00 2001
From: Tobias Kraze <tobias@kraze.eu>
Date: Fri, 8 Feb 2013 12:52:10 +0100
Subject: [PATCH] fix serialization vulnerability

---
 .../lib/active_record/attribute_methods/write.rb   |    9 ++++++++-
 activerecord/test/cases/base_test.rb               |    6 ++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/activerecord/lib/active_record/attribute_methods/write.rb b/activerecord/lib/active_record/attribute_methods/write.rb
index 3c4dab3..4684c4b 100644
--- a/activerecord/lib/active_record/attribute_methods/write.rb
+++ b/activerecord/lib/active_record/attribute_methods/write.rb
@@ -10,7 +10,14 @@ module ActiveRecord
       module ClassMethods
         protected
           def define_method_attribute=(attr_name)
-            if attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
+            if self.serialized_attributes[attr_name]
+              generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|
+                if new_value.is_a?(String) and new_value =~ /^---/
+                  raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues."
+                end
+                write_attribute(attr_name, new_value)
+              end
+            elsif attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
               generated_attribute_methods.module_eval("def #{attr_name}=(new_value); write_attribute('#{attr_name}', new_value); end", __FILE__, __LINE__)
             else
               generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|
-- 
1.7.9.5