use StringValueCStr for string conversions

Ruby strings may contain embedded null bytes that
could create false positives.  Also, in Ruby 1.9, Ruby
strings may not be null-terminated internally, StringValueCStr
ensures null-termination upon export.

2 files changed, 5 insertions, 1 deletions

diff --git a/ext/rpatricia/rpatricia.c b/ext/rpatricia/rpatricia.c
index 066f82e..81e0990 100644
--- a/ext/rpatricia/rpatricia.c
+++ b/ext/rpatricia/rpatricia.c
@@ -46,7 +46,7 @@ wrap_node(patricia_node_t *orig)
 static void
 my_ascii2prefix(patricia_tree_t *tree, VALUE str, prefix_t *prefix)
 {
-  char *cstr = StringValuePtr(str);
+  char *cstr = StringValueCStr(str);
   prefix_t *ok = ascii2prefix(cstr, prefix);
 
   if (!ok)
diff --git a/test/test_invalid_inputs.rb b/test/test_invalid_inputs.rb
index 93e7a96..32b7003 100644
--- a/test/test_invalid_inputs.rb
+++ b/test/test_invalid_inputs.rb
@@ -7,6 +7,10 @@ class TestInvalidInput < Test::Unit::TestCase
     @t = Patricia.new
   end
 
+  def test_embedded_null
+    assert_raises(ArgumentError) { @t.add("100.0.0.0/8\0") }
+  end
+
   def test_invalid_add
     assert_raises(ArgumentError) { @t.add('1000.0.0.0/8') }
     assert_raises(ArgumentError) { @t.add("\0") }