Chris@909: # Copyright (c) 2009 Michael Koziarski <michael@koziarski.com>
Chris@909: # 
Chris@909: # Permission to use, copy, modify, and/or distribute this software for any
Chris@909: # purpose with or without fee is hereby granted, provided that the above
Chris@909: # copyright notice and this permission notice appear in all copies.
Chris@909: # 
Chris@909: # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
Chris@909: # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
Chris@909: # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
Chris@909: # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
Chris@909: # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
Chris@909: # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Chris@909: # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Chris@909: 
Chris@909: require 'bigdecimal'
Chris@909: 
Chris@909: alias BigDecimalUnsafe BigDecimal
Chris@909: 
Chris@909: 
Chris@909: # This fixes CVE-2009-1904 however it removes legitimate functionality that your
Chris@909: # application may depend on.  You are *strongly* advised to upgrade your ruby
Chris@909: # rather than relying on this fix for an extended period of time.
Chris@909: 
Chris@909: def BigDecimal(initial, digits=0)
Chris@909:   if initial.size > 255 || initial =~ /e/i
Chris@909:     raise "Invalid big Decimal Value"
Chris@909:   end
Chris@909:   BigDecimalUnsafe(initial, digits)
Chris@909: end
Chris@909: