Merge pull request #24150 from exviva/unmarshal-infinite-retry

Prevent `Marshal.load` from looping infinitely
author: Xavier Noria <fxn@hashref.com> 2016-03-11 08:26:52 -0800
committer: Xavier Noria <fxn@hashref.com> 2016-03-11 08:26:52 -0800
commit: e56b594d323e9c17398e65caa0fad20500868135 (patch)
tree: a017cc53ec9cb63f8d956b5deeed7b15a41fcce6 /activesupport/lib
parent: 120517706e778035ecb9920a8538a00578e79a63 (diff)
parent: aa0fad51482c24ece58ec7186c45fd340b35ecb1 (diff)
download: rails-e56b594d323e9c17398e65caa0fad20500868135.tar.gz
rails-e56b594d323e9c17398e65caa0fad20500868135.tar.bz2
rails-e56b594d323e9c17398e65caa0fad20500868135.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/activesupport/lib/active_support/core_ext/marshal.rb b/activesupport/lib/active_support/core_ext/marshal.rb
index e333b26133..ca278cb2fa 100644
--- a/activesupport/lib/active_support/core_ext/marshal.rb
+++ b/activesupport/lib/active_support/core_ext/marshal.rb
@@ -5,7 +5,10 @@ module ActiveSupport
     rescue ArgumentError, NameError => exc
       if exc.message.match(%r|undefined class/module (.+)|)
         # try loading the class/module
-        $1.constantize
+        loaded = $1.constantize
+
+        raise unless $1 == loaded.name
+
         # if it is an IO we need to go back to read the object
         source.rewind if source.respond_to?(:rewind)
         retry
author	Xavier Noria <fxn@hashref.com>	2016-03-11 08:26:52 -0800
committer	Xavier Noria <fxn@hashref.com>	2016-03-11 08:26:52 -0800
commit	e56b594d323e9c17398e65caa0fad20500868135 (patch)
tree	a017cc53ec9cb63f8d956b5deeed7b15a41fcce6 /activesupport/lib
parent	120517706e778035ecb9920a8538a00578e79a63 (diff)
parent	aa0fad51482c24ece58ec7186c45fd340b35ecb1 (diff)
download	rails-e56b594d323e9c17398e65caa0fad20500868135.tar.gz rails-e56b594d323e9c17398e65caa0fad20500868135.tar.bz2 rails-e56b594d323e9c17398e65caa0fad20500868135.zip