diff -uw ruby-2.1.1/ext/psych/yaml/config.h ruby-2.1.2/ext/psych/yaml/config.h
--- ruby-2.1.1/ext/psych/yaml/config.h 2014-02-24 05:24:15.000000000 +0100
+++ ruby-2.1.2/ext/psych/yaml/config.h 2014-05-04 17:45:33.000000000 +0200
@@ -1,11 +1,10 @@
-
#define PACKAGE_NAME "yaml"
#define PACKAGE_TARNAME "yaml"
-#define PACKAGE_VERSION "0.1.5"
-#define PACKAGE_STRING "yaml 0.1.5"
+#define PACKAGE_VERSION "0.1.6"
+#define PACKAGE_STRING "yaml 0.1.6"
#define PACKAGE_BUGREPORT "http://pyyaml.org/newticket?component libyaml"
#define PACKAGE_URL ""
#define YAML_VERSION_MAJOR 0
#define YAML_VERSION_MINOR 1
-#define YAML_VERSION_PATCH 5
-#define YAML_VERSION_STRING "0.1.5"
+#define YAML_VERSION_PATCH 6
+#define YAML_VERSION_STRING "0.1.6"
diff -uw ruby-2.1.1/ext/psych/yaml/scanner.c ruby-2.1.2/ext/psych/yaml/scanner.c
--- ruby-2.1.1/ext/psych/yaml/scanner.c 2014-02-24 05:24:15.000000000 +0100
+++ ruby-2.1.2/ext/psych/yaml/scanner.c 2014-05-04 17:45:33.000000000 +0200
@@ -2629,6 +2629,9 @@
/* Check if it is a URI-escape sequence. */
if (CHECK(parser->buffer, '%')) {
+ if (!STRING_EXTEND(parser, string))
+ goto error;
+
if (!yaml_parser_scan_uri_escapes(parser,
directive, start_mark, &string)) goto error;
}
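Review bot: The added `STRING_EXTEND` check before `yaml_parser_scan_uri_escapes` leaves the capacity contract between the two implicit. The callee is handed `&string` with no remaining-length argument visible here, so its writes are presumably bounded only by the headroom the macro reserves (`pointer+5 < end` in yaml_private.h). I would add a comment at the call such as `/* Reserve room for one decoded UTF-8 sequence before scanning escapes; the callee does not extend the buffer itself. */` and confirm in the callee, which is outside this hunk, that a single call never writes more bytes than that headroom. A regression test that parses a tag URI made of a long run of `%XX` escapes under a memory sanitizer would pin the behaviour. The enclosing function starts and ends outside the hunk.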
diff -uw ruby-2.1.1/ext/psych/yaml/yaml_private.h ruby-2.1.2/ext/psych/yaml/yaml_private.h
--- ruby-2.1.1/ext/psych/yaml/yaml_private.h 2014-02-24 05:24:15.000000000 +0100
+++ ruby-2.1.2/ext/psych/yaml/yaml_private.h 2014-05-04 17:45:33.000000000 +0200
@@ -146,9 +146,12 @@
(string).start = (string).pointer = (string).end = 0)
#define STRING_EXTEND(context,string) \
- (((string).pointer+5 < (string).end) \
+ ((((string).pointer+5 < (string).end) \
|| yaml_string_extend(&(string).start, \
- &(string).pointer, &(string).end))
+ &(string).pointer, &(string).end)) ? \
+ 1 : \
+ ((context)->error = YAML_MEMORY_ERROR, \
+ 0))
#define CLEAR(context,string) \
((string).pointer = (string).start, \
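Review bot: `STRING_EXTEND` now has a side effect that nothing near the definition announces: on allocation failure it stores `YAML_MEMORY_ERROR` into `(context)->error`, whereas the old expansion never touched `context`. A comment above the macro should state this, e.g. `/* Ensures more than 5 free bytes in string; on failure sets context->error = YAML_MEMORY_ERROR and yields 0. */`. The literal `5` is the headroom that callers depend on when they write without their own bounds check, so giving it a named constant would make that dependency searchable. The macro also expands `string` several times, so arguments passed to it must stay free of side effects.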