openSUSE:Leap:15.4:Update
File CVE-2022-44566.patch of Package rubygem-activerecord-5_1
--- activerecord.orig/lib/active_record/connection_adapters/postgresql/quoting.rb 2023-01-26 19:45:42.324107900 +0100 +++ activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb 2023-01-26 19:47:50.118624174 +0100 @@ -2,6 +2,12 @@ module ActiveRecord module ConnectionAdapters module PostgreSQL module Quoting + class IntegerOutOf64BitRange < StandardError + def initialize(msg) + super(msg) + end + end + # Escapes binary strings for bytea input to the database. def escape_bytea(value) @connection.escape_bytea(value) if value @@ -81,7 +87,27 @@ module ActiveRecord super(query_value("SELECT #{quote(sql_type)}::regtype::oid", "SCHEMA").to_i) end + def check_int_in_range(value) + if value.to_int > 9223372036854775807 || value.to_int < -9223372036854775808 + exception = <<~ERROR + Provided value outside of the range of a signed 64bit integer. + + PostgreSQL will treat the column type in question as a numeric. + This may result in a slow sequential scan due to a comparison + being performed between an integer or bigint value and a numeric value. + + To allow for this potentially unwanted behavior, set + ActiveRecord::Base.raise_int_wider_than_64bit to false. + ERROR + raise IntegerOutOf64BitRange.new exception + end + end + def _quote(value) + if ActiveRecord::Base.raise_int_wider_than_64bit && value.is_a?(Integer) + check_int_in_range(value) + end + case value when OID::Xml::Data "xml '#{quote_string(value.to_s)}'" --- activerecord.orig/lib/active_record/core.rb 2023-01-26 19:45:42.324107900 +0100 +++ activerecord/lib/active_record/core.rb 2023-01-26 19:49:57.193114286 +0100 
@@ -132,6 +132,14 @@ module ActiveRecord mattr_accessor :warn_on_records_fetched_greater_than, instance_writer: false self.warn_on_records_fetched_greater_than = nil + ## + # :singleton-method: + # Application configurable boolean that denotes whether or not to raise + # an exception when the PostgreSQLAdapter is provided with an integer that is + # wider than signed 64bit representation + mattr_accessor :raise_int_wider_than_64bit, instance_writer: false + self.raise_int_wider_than_64bit = true + mattr_accessor :maintain_test_schema, instance_accessor: false mattr_accessor :belongs_to_required_by_default, instance_accessor: false
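Review bot: In the first quoting.rb hunk (@@ -2,6 +2,12), IntegerOutOf64BitRange subclasses StandardError directly and is nested under ActiveRecord::ConnectionAdapters::PostgreSQL::Quoting, so an application that rescues ActiveRecord::ActiveRecordError will not catch it and has to name the full nested constant instead. Consider inheriting from ActiveRecord::ActiveRecordError. The initialize(msg) that only calls super(msg) adds nothing over the inherited constructor and can be dropped.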
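Review bot: In check_int_in_range (quoting.rb hunk @@ -81,7 +87,27), value.to_int is called twice although the only caller, _quote, has already checked value.is_a?(Integer), and both bounds are bare literals. Compare value directly against a single named constant holding the signed 64-bit range, so the limit is defined once and the conversion goes away. The local named exception holds the message string rather than an exception object; calling it message would match what it is.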
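Review bot: In the core.rb hunk (@@ -132,6 +132,14), the doc comment for raise_int_wider_than_64bit does not say which exception is raised or why the check exists, while the default of true means a caller that passes an integer outside the signed 64-bit range to the PostgreSQL adapter now gets an exception where it previously got a quoted value. Name IntegerOutOf64BitRange in the comment and summarise the reason already given in the error text (the comparison against numeric may result in a slow sequential scan), so anyone setting it to false knows what behaviour that re-enables.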