On 2023-03-28 20:37:56 -0300, Antonio Terceiro wrote:
> Still, I see no evidence that this is caused by the Ruby interpreter.
> For example apt-listbugs uses a SOAP library that is severely
> unmaintained upstream and has been on life support for some time now. It
> could be that library that is doing crazy things when the server does
> not reply in exactly the way it expects.

Note that in both failures, a line of the source, e.g.

  /usr/lib/ruby/3.0.0/uri/generic.rb

or

  /usr/lib/ruby/3.0.0/bundler/vendor/uri/lib/uri/generic.rb

for " # returns password\n" in my case in 2022, and

  /usr/lib/ruby/vendor_ruby/aptlistbugs/logic.rb

for " if /proxy_detect='(.*)'/ =~ `apt-config \#{@apt_conf} shell
proxy_detect acquire::http::proxy-auto-detect`\n"
in the other case a few days ago, is regarded by the Ruby interpreter
as a String. Has any .rb library, even if severely buggy, the power
to do that?

Otherwise, could it be that apt-listbugs invokes the `default' method
of some object obtained by SOAP, but this would mean that the server
sends some part of .rb code as a String object in some cases? (This
seems rather unlikely, and that could imply a security issue on the
client side, if the client doesn't check what it receives.)

IMHO, this looks like some kind of pointer corruption.

--
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)