SUSE:SLE-12-SP1:GA
File CVE-2022-44566.patch of Package rubygem-activerecord-4_2.28061
From 4f44aa9d514e701ada92b5cf08beccf566eeaebf Mon Sep 17 00:00:00 2001 From: Zack Deveau <zack.ref@gmail.com> Date: Tue, 22 Nov 2022 09:48:59 -0500 Subject: [PATCH] Added integer width check to PostgreSQL::Quoting Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan. This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true. [CVE-2022-44566] SUSE: adapt for older version --- --- activerecord.orig/lib/active_record/connection_adapters/postgresql/quoting.rb 2023-01-26 19:04:00.701921860 +0100 +++ activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb 2023-01-26 19:23:44.099635728 +0100 @@ -2,6 +2,12 @@ module ActiveRecord module ConnectionAdapters module PostgreSQL module Quoting + class IntegerOutOf64BitRange < StandardError + def initialize(msg) + super(msg) + end + end + # Escapes binary strings for bytea input to the database. def escape_bytea(value) @connection.escape_bytea(value) if value 
@@ -66,7 +72,25 @@ module ActiveRecord private + def check_int_in_range(value) + if value.to_int > 9223372036854775807 || value.to_int < -9223372036854775808 + exception = <<-ERROR + Provided value outside of the range of a signed 64bit integer. + PostgreSQL will treat the column type in question as a numeric. + This may result in a slow sequential scan due to a comparison + being performed between an integer or bigint value and a numeric value. + To allow for this potentially unwanted behavior, set + ActiveRecord::Base.raise_int_wider_than_64bit to false. + ERROR + raise IntegerOutOf64BitRange.new exception + end + end + def _quote(value) + if ActiveRecord::Base.raise_int_wider_than_64bit && value.is_a?(Integer) + check_int_in_range(value) + end + case value when Type::Binary::Data "'#{escape_bytea(value.to_s)}'" --- activerecord.orig/lib/active_record/core.rb 2023-01-26 19:04:00.701921860 +0100 +++ activerecord/lib/active_record/core.rb 2023-01-26 19:35:41.403084717 +0100 @@ -85,6 +85,14 @@ module ActiveRecord mattr_accessor :dump_schema_after_migration, instance_writer: false self.dump_schema_after_migration = true + ## + # :singleton-method: + # Application configurable boolean that denotes whether or not to raise + # an exception when the PostgreSQLAdapter is provided with an integer that is + # wider than signed 64bit representation + mattr_accessor :raise_int_wider_than_64bit, instance_writer: false + self.raise_int_wider_than_64bit = true + mattr_accessor :maintain_test_schema, instance_accessor: false def self.disable_implicit_join_references=(value)
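Review bot: In the first quoting.rb hunk, IntegerOutOf64BitRange derives from StandardError and is nested inside PostgreSQL::Quoting, so application code that rescues ActiveRecord::ActiveRecordError will not catch it and must name the full constant path instead. Consider deriving it from ActiveRecord::ActiveRecordError so existing rescue clauses cover it. The explicit initialize(msg) that only calls super(msg) adds nothing over the inherited constructor and can be dropped.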
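Review bot: In the second quoting.rb hunk, check_int_in_range evaluates value.to_int twice against two bare literals, although _quote only calls it after value.is_a?(Integer) has already passed, so the conversion is a no-op on this path. Two named constants for the signed 64-bit bounds and a single range comparison on value would read more clearly and keep the limits in one place. The <<-ERROR heredoc also preserves the source indentation, so every line of the raised message starts with leading whitespace; stripping it before raising would make the message cleaner in logs. A regression test that quotes 9223372036854775807 (accepted) and 9223372036854775808 (raises) would pin the boundary.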
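Review bot: In the core.rb hunk, the comment above raise_int_wider_than_64bit does not state that the default is true, which exception is raised, or what setting it to false re-enables. Since this is a backport that changes behavior for existing applications (an integer outside the signed 64-bit range now raises from _quote instead of being quoted), the comment should name IntegerOutOf64BitRange, give the default, and say that false restores the previous quoting with the sequential-scan risk described in the commit message. It is also worth noting in the comment that the flag lives on ActiveRecord::Base but is only consulted by the PostgreSQL quoting code.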