-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #219 from rstudio/fix/CVE-2024-27322
Patch R 4.0.0 - R 4.3.3 for CVE-2024-27322
- Loading branch information
Showing
18 changed files
with
1,161 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e | ||
| Author: luke <luke@00db46b3-68df-0310-9c12-caf00c1e9a41> | ||
| Date: Sun Mar 31 19:35:58 2024 +0000 | ||
|
|
||
| readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. | ||
|
|
||
|
|
||
| git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 | ||
|
|
||
| diff --git a/src/main/serialize.c b/src/main/serialize.c | ||
| index a389f71311..a190fbf8f3 100644 | ||
| --- a/src/main/serialize.c | ||
| +++ b/src/main/serialize.c | ||
| @@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| return R_NilValue; | ||
| } | ||
|
|
||
| +static SEXP checkNotPromise(SEXP val) | ||
| +{ | ||
| + if (TYPEOF(val) == PROMSXP) | ||
| + error(_("cannot return a promise (PROMSXP) object")); | ||
| + return val; | ||
| +} | ||
| + | ||
| /* unserializeFromConn(conn, hook) used from readRDS(). | ||
| It became public in R 2.13.0, and that version added support for | ||
| connections internally */ | ||
| @@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| con->close(con); | ||
| UNPROTECT(1); | ||
| } | ||
| - return ans; | ||
| + return checkNotPromise(ans); | ||
| } | ||
|
|
||
| /* | ||
| @@ -3330,8 +3337,8 @@ attribute_hidden SEXP | ||
| do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| { | ||
| checkArity(op, args); | ||
| - if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); | ||
| - | ||
| + if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); | ||
| + return checkNotPromise(R_unserialize(CAR(args), CADR(args))); | ||
| SEXP object, icon, type, ver, fun; | ||
| object = CAR(args); args = CDR(args); | ||
| icon = CAR(args); args = CDR(args); | ||
| diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd | ||
| index 094396b..75fae89 100644 | ||
| --- a/doc/NEWS.Rd | ||
| +++ b/doc/NEWS.Rd | ||
| @@ -6,6 +6,12 @@ | ||
| \encoding{UTF-8} | ||
|
|
||
| \section{\Rlogo CHANGES IN 4.0.0}{ | ||
| + \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/rstudio/r-builds}}{ | ||
| + \itemize{ | ||
| + \item readRDS() and unserialize() now signal an error instead of | ||
| + returning a PROMSXP, to fix CVE-2024-27322. | ||
| + } | ||
| + } | ||
|
|
||
| \subsection{SIGNIFICANT USER-VISIBLE CHANGES}{ | ||
| \itemize{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e | ||
| Author: luke <luke@00db46b3-68df-0310-9c12-caf00c1e9a41> | ||
| Date: Sun Mar 31 19:35:58 2024 +0000 | ||
|
|
||
| readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. | ||
|
|
||
|
|
||
| git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 | ||
|
|
||
| diff --git a/src/main/serialize.c b/src/main/serialize.c | ||
| index a389f71311..a190fbf8f3 100644 | ||
| --- a/src/main/serialize.c | ||
| +++ b/src/main/serialize.c | ||
| @@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| return R_NilValue; | ||
| } | ||
|
|
||
| +static SEXP checkNotPromise(SEXP val) | ||
| +{ | ||
| + if (TYPEOF(val) == PROMSXP) | ||
| + error(_("cannot return a promise (PROMSXP) object")); | ||
| + return val; | ||
| +} | ||
| + | ||
| /* unserializeFromConn(conn, hook) used from readRDS(). | ||
| It became public in R 2.13.0, and that version added support for | ||
| connections internally */ | ||
| @@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| con->close(con); | ||
| UNPROTECT(1); | ||
| } | ||
| - return ans; | ||
| + return checkNotPromise(ans); | ||
| } | ||
|
|
||
| /* | ||
| @@ -3330,8 +3337,8 @@ attribute_hidden SEXP | ||
| do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| { | ||
| checkArity(op, args); | ||
| - if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); | ||
| - | ||
| + if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); | ||
| + return checkNotPromise(R_unserialize(CAR(args), CADR(args))); | ||
| SEXP object, icon, type, ver, fun; | ||
| object = CAR(args); args = CDR(args); | ||
| icon = CAR(args); args = CDR(args); | ||
| diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd | ||
| index 9417774..5a7fa23 100644 | ||
| --- a/doc/NEWS.Rd | ||
| +++ b/doc/NEWS.Rd | ||
| @@ -6,6 +6,12 @@ | ||
| \encoding{UTF-8} | ||
|
|
||
| \section{\Rlogo CHANGES IN R 4.0.1}{ | ||
| + \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/rstudio/r-builds}}{ | ||
| + \itemize{ | ||
| + \item readRDS() and unserialize() now signal an error instead of | ||
| + returning a PROMSXP, to fix CVE-2024-27322. | ||
| + } | ||
| + } | ||
|
|
||
| \subsection{NEW FEATURES}{ | ||
| \itemize{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e | ||
| Author: luke <luke@00db46b3-68df-0310-9c12-caf00c1e9a41> | ||
| Date: Sun Mar 31 19:35:58 2024 +0000 | ||
|
|
||
| readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. | ||
|
|
||
|
|
||
| git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 | ||
|
|
||
| diff --git a/src/main/serialize.c b/src/main/serialize.c | ||
| index a389f71311..a190fbf8f3 100644 | ||
| --- a/src/main/serialize.c | ||
| +++ b/src/main/serialize.c | ||
| @@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| return R_NilValue; | ||
| } | ||
|
|
||
| +static SEXP checkNotPromise(SEXP val) | ||
| +{ | ||
| + if (TYPEOF(val) == PROMSXP) | ||
| + error(_("cannot return a promise (PROMSXP) object")); | ||
| + return val; | ||
| +} | ||
| + | ||
| /* unserializeFromConn(conn, hook) used from readRDS(). | ||
| It became public in R 2.13.0, and that version added support for | ||
| connections internally */ | ||
| @@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| con->close(con); | ||
| UNPROTECT(1); | ||
| } | ||
| - return ans; | ||
| + return checkNotPromise(ans); | ||
| } | ||
|
|
||
| /* | ||
| @@ -3330,8 +3337,8 @@ attribute_hidden SEXP | ||
| do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| { | ||
| checkArity(op, args); | ||
| - if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); | ||
| - | ||
| + if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); | ||
| + return checkNotPromise(R_unserialize(CAR(args), CADR(args))); | ||
| SEXP object, icon, type, ver, fun; | ||
| object = CAR(args); args = CDR(args); | ||
| icon = CAR(args); args = CDR(args); | ||
| diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd | ||
| index 4c45f26..69285cd 100644 | ||
| --- a/doc/NEWS.Rd | ||
| +++ b/doc/NEWS.Rd | ||
| @@ -6,6 +6,12 @@ | ||
| \encoding{UTF-8} | ||
|
|
||
| \section{\Rlogo CHANGES IN R 4.0.2}{ | ||
| + \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/rstudio/r-builds}}{ | ||
| + \itemize{ | ||
| + \item readRDS() and unserialize() now signal an error instead of | ||
| + returning a PROMSXP, to fix CVE-2024-27322. | ||
| + } | ||
| + } | ||
|
|
||
| \subsection{UTILITIES}{ | ||
| \itemize{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e | ||
| Author: luke <luke@00db46b3-68df-0310-9c12-caf00c1e9a41> | ||
| Date: Sun Mar 31 19:35:58 2024 +0000 | ||
|
|
||
| readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. | ||
|
|
||
|
|
||
| git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 | ||
|
|
||
| diff --git a/src/main/serialize.c b/src/main/serialize.c | ||
| index a389f71311..a190fbf8f3 100644 | ||
| --- a/src/main/serialize.c | ||
| +++ b/src/main/serialize.c | ||
| @@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| return R_NilValue; | ||
| } | ||
|
|
||
| +static SEXP checkNotPromise(SEXP val) | ||
| +{ | ||
| + if (TYPEOF(val) == PROMSXP) | ||
| + error(_("cannot return a promise (PROMSXP) object")); | ||
| + return val; | ||
| +} | ||
| + | ||
| /* unserializeFromConn(conn, hook) used from readRDS(). | ||
| It became public in R 2.13.0, and that version added support for | ||
| connections internally */ | ||
| @@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| con->close(con); | ||
| UNPROTECT(1); | ||
| } | ||
| - return ans; | ||
| + return checkNotPromise(ans); | ||
| } | ||
|
|
||
| /* | ||
| @@ -3330,8 +3337,8 @@ attribute_hidden SEXP | ||
| do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| { | ||
| checkArity(op, args); | ||
| - if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); | ||
| - | ||
| + if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); | ||
| + return checkNotPromise(R_unserialize(CAR(args), CADR(args))); | ||
| SEXP object, icon, type, ver, fun; | ||
| object = CAR(args); args = CDR(args); | ||
| icon = CAR(args); args = CDR(args); | ||
| diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd | ||
| index 916961a..521a1fd 100644 | ||
| --- a/doc/NEWS.Rd | ||
| +++ b/doc/NEWS.Rd | ||
| @@ -6,6 +6,12 @@ | ||
| \encoding{UTF-8} | ||
|
|
||
| \section{\Rlogo CHANGES IN R 4.0.3}{ | ||
| + \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/rstudio/r-builds}}{ | ||
| + \itemize{ | ||
| + \item readRDS() and unserialize() now signal an error instead of | ||
| + returning a PROMSXP, to fix CVE-2024-27322. | ||
| + } | ||
| + } | ||
|
|
||
| \subsection{NEW FEATURES}{ | ||
| \itemize{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e | ||
| Author: luke <luke@00db46b3-68df-0310-9c12-caf00c1e9a41> | ||
| Date: Sun Mar 31 19:35:58 2024 +0000 | ||
|
|
||
| readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. | ||
|
|
||
|
|
||
| git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 | ||
|
|
||
| diff --git a/src/main/serialize.c b/src/main/serialize.c | ||
| index a389f71311..a190fbf8f3 100644 | ||
| --- a/src/main/serialize.c | ||
| +++ b/src/main/serialize.c | ||
| @@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| return R_NilValue; | ||
| } | ||
|
|
||
| +static SEXP checkNotPromise(SEXP val) | ||
| +{ | ||
| + if (TYPEOF(val) == PROMSXP) | ||
| + error(_("cannot return a promise (PROMSXP) object")); | ||
| + return val; | ||
| +} | ||
| + | ||
| /* unserializeFromConn(conn, hook) used from readRDS(). | ||
| It became public in R 2.13.0, and that version added support for | ||
| connections internally */ | ||
| @@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| con->close(con); | ||
| UNPROTECT(1); | ||
| } | ||
| - return ans; | ||
| + return checkNotPromise(ans); | ||
| } | ||
|
|
||
| /* | ||
| @@ -3330,8 +3337,8 @@ attribute_hidden SEXP | ||
| do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| { | ||
| checkArity(op, args); | ||
| - if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); | ||
| - | ||
| + if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); | ||
| + return checkNotPromise(R_unserialize(CAR(args), CADR(args))); | ||
| SEXP object, icon, type, ver, fun; | ||
| object = CAR(args); args = CDR(args); | ||
| icon = CAR(args); args = CDR(args); | ||
| diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd | ||
| index ec44c62..510dadc 100644 | ||
| --- a/doc/NEWS.Rd | ||
| +++ b/doc/NEWS.Rd | ||
| @@ -6,6 +6,12 @@ | ||
| \encoding{UTF-8} | ||
|
|
||
| \section{\Rlogo CHANGES IN R 4.0.4}{ | ||
| + \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/rstudio/r-builds}}{ | ||
| + \itemize{ | ||
| + \item readRDS() and unserialize() now signal an error instead of | ||
| + returning a PROMSXP, to fix CVE-2024-27322. | ||
| + } | ||
| + } | ||
|
|
||
| \subsection{NEW FEATURES}{ | ||
| \itemize{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e | ||
| Author: luke <luke@00db46b3-68df-0310-9c12-caf00c1e9a41> | ||
| Date: Sun Mar 31 19:35:58 2024 +0000 | ||
|
|
||
| readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. | ||
|
|
||
|
|
||
| git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 | ||
|
|
||
| diff --git a/src/main/serialize.c b/src/main/serialize.c | ||
| index a389f71311..a190fbf8f3 100644 | ||
| --- a/src/main/serialize.c | ||
| +++ b/src/main/serialize.c | ||
| @@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| return R_NilValue; | ||
| } | ||
|
|
||
| +static SEXP checkNotPromise(SEXP val) | ||
| +{ | ||
| + if (TYPEOF(val) == PROMSXP) | ||
| + error(_("cannot return a promise (PROMSXP) object")); | ||
| + return val; | ||
| +} | ||
| + | ||
| /* unserializeFromConn(conn, hook) used from readRDS(). | ||
| It became public in R 2.13.0, and that version added support for | ||
| connections internally */ | ||
| @@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| con->close(con); | ||
| UNPROTECT(1); | ||
| } | ||
| - return ans; | ||
| + return checkNotPromise(ans); | ||
| } | ||
|
|
||
| /* | ||
| @@ -3330,8 +3337,8 @@ attribute_hidden SEXP | ||
| do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) | ||
| { | ||
| checkArity(op, args); | ||
| - if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); | ||
| - | ||
| + if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); | ||
| + return checkNotPromise(R_unserialize(CAR(args), CADR(args))); | ||
| SEXP object, icon, type, ver, fun; | ||
| object = CAR(args); args = CDR(args); | ||
| icon = CAR(args); args = CDR(args); | ||
| diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd | ||
| index 5640a16..5bebf9e 100644 | ||
| --- a/doc/NEWS.Rd | ||
| +++ b/doc/NEWS.Rd | ||
| @@ -6,6 +6,12 @@ | ||
| \encoding{UTF-8} | ||
|
|
||
| \section{\Rlogo CHANGES IN R 4.0.5}{ | ||
| + \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/rstudio/r-builds}}{ | ||
| + \itemize{ | ||
| + \item readRDS() and unserialize() now signal an error instead of | ||
| + returning a PROMSXP, to fix CVE-2024-27322. | ||
| + } | ||
| + } | ||
| \subsection{BUG FIXES}{ | ||
| \itemize{ | ||
| \item The change to the internal table in \R 4.0.4 for |
Oops, something went wrong.