Mmmm, should. On Sep 18, 2009, at 4:45 PM, Markus Roberts wrote:
> I'm presently using the box I occasionally put 1.8.1 on to test for > the 24 hour facter problem, and didn't feel like killing that to > test. But you're right, I should, and will. > > It should have no effect whatsoever on a non-1.8.1 box. > > -- Markus > > On Fri, Sep 18, 2009 at 4:38 PM, Luke Kanies <[email protected]> wrote: > > How much have you tested this? I assume, at the least, that we want a > good bit of testing around this, since it has the chance to do some > really weird stuff. > > This certainly pushes us toward using a known-good serializer in 0.26; > json here we come, I guess. > > On Sep 18, 2009, at 3:49 PM, Markus Roberts wrote: > > > > > This is a monkey patch to avoid calling a known-bad routine in > > syck.c with strings long enough to trigger its buffer overflow, > > by pretending that strings longer than 2K are binary and thus > > they have to be base 64 encoded. > > > > I do not love this, but it's the best idea I could come up with. > > > > Signed-off-by: Markus Roberts <[email protected]> > > --- > > lib/puppet/util/monkey_patches.rb | 16 ++++++++++++++++ > > 1 files changed, 16 insertions(+), 0 deletions(-) > > > > diff --git a/lib/puppet/util/monkey_patches.rb b/lib/puppet/util/ > > monkey_patches.rb > > index 817b813..d5c6038 100644 > > --- a/lib/puppet/util/monkey_patches.rb > > +++ b/lib/puppet/util/monkey_patches.rb > > @@ -41,3 +41,19 @@ if :test.to_yaml !~ %r{!ruby/sym} > > end > > end > > end > > + > > +# The version of syck that ships with ruby 1.8.1 has known issues > > (buffer overruns) > > +# with strings ~4K bytes or longer. To avoid the resulting > > segfaults we treat all > > +# strings over 2K bytes long as binary data so the go out via the > > base-64 routine > > +# instead. > > +# > > +if RUBY_VERSION =~ /1.8.1/ > > + class String > > + def is_complex_yaml? > > + length>2048 || !!(self =~ /\n.+/) > > + end > > + def is_binary_data? > > + length>2048 || count("^ -~","^\r\n")/size > 0.3 || > > count("\x00")>0 > > + end > > + end > > +end > > -- > > 1.6.4 > > > > > > > > > > -- > A computer lets you make more mistakes faster than any invention in > human history--with the possible exceptions of handguns and tequila. > -- Mitch Ratcliffe > --------------------------------------------------------------------- > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > > > > > -- The easiest way to figure the cost of living is to take your income and add ten percent. --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
