[ruby-core:29925] [Bug #3234] YAML fails to load a dumped string (exception)

< ^ > P N |<>|^_>< --- | ~ ...Help
Bug #3234: YAML fails to load a dumped string (exception)
http://redmine.ruby-lang.org/issues/show/3234

Author: HD Moore
Status: Open, Priority: Normal
ruby -v: ruby 1.9.2dev (2010-04-27 trunk 27507) [x86_64-linux]

A specific (but common) sequence of bytes cannot be loaded after being dumped by YAML. This has a serious impact on AR serialization when a malicious user can input a string to be serialized. It also happens to break my app. The bug occurs on 1.8.7, 1.9.1-stable, and trunk.

<code>
require 'yaml'

str = ["0a20200a202020566f6c756d6520696e206472697665204320686173206e6f206c6162656c2e0d0a202020566f6c756d652053657269616c204e756d62657220697320414337392d393934320d0a20200d0a2020204469726563746f7279206f6620633a5c0d0a20200d0a202030372f31362f32303038202031303a333520504d202020202020202020202020202020202030204155544f455845432e4241540d0a202030332f32332f32303130202030333a303920504d20202020202020202020202033332c3935362062756c6b77686f69732e7064660d0a202030372f31362f32303038202031303a333520504d20202020202020202020202020202020203020434f4e4649472e5359530d0a202030372f31372f32303038202030383a343020414d202020203c4449523e20202020202020202020446f63756d656e747320616e642053657474696e67730d0a202030352f30312f32303130202031323a353620504d202020203c4449523e202020202020202020206d65746173706c6f69740d0a202030352f30312f32303130202031323a353120504d202020203c4449523e2020202020202020202050726f6772616d2046696c65730d0a202031322f30332f32303039202030373a303720414d202020203c4449523e2020202020202020202057494e444!
 f57530d0a2020202020202020202020202020202020332046696c6528732920202020202020202033332c3935362062797465730d0a20202020202020202020202020202020203420446972287329202031352c3034352c3832342c35313220627974657320667265650d0a20200a20200a"].pack("H*")

YAML.load(YAML.dump_stream(str))
</code>

Stack trace:
' (ArgumentError)by-1.9.1-head/lib/ruby/1.9.1/syck.rb:135:in `load': syntax error on line 8, col 2: `  07/16/2008  10:35 PM                 0 AUTOEXEC.BAT
	from /home/hdm/.rvm/ruby-1.9.1-head/lib/ruby/1.9.1/syck.rb:135:in `load'
	from yaml_death.rb:5:in `<main>'


----------------------------------------
http://redmine.ruby-lang.org