| @@ -0,0 +1,30 | |||
|
|
1 | # Copyright (c) 2009 Michael Koziarski <michael@koziarski.com> | |
|
|
2 | # | |
|
|
3 | # Permission to use, copy, modify, and/or distribute this software for any | |
|
|
4 | # purpose with or without fee is hereby granted, provided that the above | |
|
|
5 | # copyright notice and this permission notice appear in all copies. | |
|
|
6 | # | |
|
|
7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
|
|
8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
|
|
9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
|
|
10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
|
|
11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
|
|
12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
|
|
13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
|
|
14 | ||
|
|
15 | require 'bigdecimal' | |
|
|
16 | ||
|
|
17 | alias BigDecimalUnsafe BigDecimal | |
|
|
18 | ||
|
|
19 | ||
|
|
20 | # This fixes CVE-2009-1904 however it removes legitimate functionality that your | |
|
|
21 | # application may depend on. You are *strongly* advised to upgrade your ruby | |
|
|
22 | # rather than relying on this fix for an extended period of time. | |
|
|
23 | ||
|
|
24 | def BigDecimal(initial, digits=0) | |
|
|
25 | if initial.size > 255 || initial =~ /e/i | |
|
|
26 | raise "Invalid big Decimal Value" | |
|
|
27 | end | |
|
|
28 | BigDecimalUnsafe(initial, digits) | |
|
|
29 | end | |
|
|
30 | ||
General Comments 0
You need to be logged in to leave comments.
Login now