Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make filepaths with null byte fail #2583

Merged
merged 1 commit into from Feb 11, 2015
Merged

Conversation

@lumeet
Copy link
Contributor

@lumeet lumeet commented Feb 9, 2015

This patch applies to several methods that deal with filepaths in Dir,
File, File::Stat, IO, and Kernel. All of these methods now raise an
argument error if a null byte is detected in a path argument.

Some of these methods are also slightly refactored, mostly by replacing
context.runtime with just runtime where applicable.

MRI uses StringValueCstr extensively for this purpose. In JRuby StringSupport.checkEmbeddedNulls seems to do the same job unless I've missed something.

After http://jira.codehaus.org/browse/JRUBY-4828, at least File.read raised a SecurityError with the same message but the current 1.7 branch doesn't seem to have any of these checks.

This patch applies to several methods that deal with filepaths in Dir,
File, File::Stat, IO, and Kernel. All of these methods now raise an
argument error if a null byte is detected in a path argument.

Some of these methods are also slightly refactored, mostly by replacing
context.runtime with just runtime where applicable.
@enebo enebo added this to the 9.0.0.0.pre2 milestone Feb 11, 2015
enebo added a commit that referenced this pull request Feb 11, 2015
@enebo enebo merged commit ab22fca into jruby:master Feb 11, 2015
1 check passed
1 check passed
continuous-integration/travis-ci The Travis CI build passed
Details
@lumeet lumeet deleted the lumeet:filename_with_null_byte branch Feb 11, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants