$OpenBSD: patch-bignum_c,v 1.1 2008/07/21 09:40:42 bernd Exp $

Fixes multiple security vulnerabilities.
http://secunia.com/advisories/29794/

Patch against ruby-1.8.6p114 from:
http://blog.phusion.nl/assets/r8ee-security-patch-20080623-2.txt
and
https://launchpad.net/ubuntu/+source/ruby1.8

1.8.6-p229 and 1.8.7-p21 will break rails applications.

--- bignum.c.orig	Wed Sep 19 04:13:21 2007
+++ bignum.c	Tue Jul  1 20:47:08 2008
@@ -36,8 +36,22 @@ VALUE rb_cBignum;
 #define BIGLO(x) ((BDIGIT)((x) & (BIGRAD-1)))
 #define BDIGMAX ((BDIGIT)-1)
 
-#define BIGZEROP(x) (RBIGNUM(x)->len == 0 || (RBIGNUM(x)->len == 1 && BDIGITS(x)[0] == 0))
+#define BIGZEROP(x) (RBIGNUM(x)->len == 0 || \
+		     (BDIGITS(x)[0] == 0 && \
+		      (RBIGNUM(x)->len == 1 || bigzero_p(x))))
 
+static int bigzero_p(VALUE);
+static int
+bigzero_p(x)
+    VALUE x;
+{
+    long i;
+    for (i = 0; i < RBIGNUM(x)->len; ++i) {
+	if (BDIGITS(x)[i]) return 0;
+    }
+    return 1;
+}
+
 static VALUE
 bignew_1(klass, len, sign)
     VALUE klass;
@@ -446,7 +460,7 @@ rb_cstr_to_inum(str, base, badcheck)
     }
     if (*str == '0') {		/* squeeze preceeding 0s */
 	while (*++str == '0');
-	if (!*str) --str;
+	if (!(c = *str) || ISSPACE(c)) --str;
     }
     c = *str;
     c = conv_digit(c);
@@ -652,6 +666,9 @@ rb_big2str0(x, base, trim)
     if (BIGZEROP(x)) {
 	return rb_str_new2("0");
     }
+    if (i >= LONG_MAX/SIZEOF_BDIGITS/CHAR_BIT) {
+	rb_raise(rb_eRangeError, "bignum too big to convert into `string'");
+    }
     j = SIZEOF_BDIGITS*CHAR_BIT*i;
     switch (base) {
       case 2: break;
@@ -706,7 +723,7 @@ rb_big2str0(x, base, trim)
 	while (k--) {
 	    s[--j] = ruby_digitmap[num % base];
 	    num /= base;
-	    if (!trim && j < 1) break;
+	    if (!trim && j <= 1) break;
 	    if (trim && i == 0 && num == 0) break;
 	}
     }
