Preventing file system traversal in file_delivery method

commit 29aca25218e4c82991400eb9b0c933626aefc98f 1 parent 9beb079
Mikel Lindsaar authored
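--- a/lib/mail/network/delivery_methods/file_delivery.rb
+++ b/lib/mail/network/delivery_methods/file_delivery.rb
@@ -6,7 +6,7 @@ module Mail
 # So if you have an email going to fred@test, bob@test, joe@anothertest, and you
 # set your location path to /path/to/mails then FileDelivery will create the directory
 # if it does not exist, and put one copy of the email in three files, called
-# "fred@test", "bob@test" and "joe@anothertest"
+# by their message id
 #
 # Make sure the path you specify with :location is writable by the Ruby process
 # running Mail.
@@ -32,7 +32,7 @@ def deliver!(mail)
 end
 
 mail.destinations.uniq.each do |to|
-::File.open(::File.join(settings[:location], to), 'a') { |f| "#{f.write(mail.encoded)}\r\n\r\n" }
+::File.open(::File.join(settings[:location], File.basename(to.to_s)), 'a') { |f| "#{f.write(mail.encoded)}\r\n\r\n" }
 end
 end
 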
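Review bot: The replacement doc line says the files are "called by their message id", but the new code in deliver! still names each file after the destination address via `File.basename(to.to_s)`, so the comment now contradicts the code; I'd write `# by the base name of each destination address (any directory components are stripped to prevent path traversal)` instead. `File.basename` also returns `.`, `..` and the empty string unchanged, which makes the joined path point at the location directory itself (or its parent) and `File.open(..., 'a')` then fails with an EISDIR-style error on POSIX rather than escaping the directory, so it is not a traversal, but a guard such as `name = ::File.basename(to.to_s); next if name.empty? || name == '.' || name == '..'` would make that intent explicit instead of relying on the OS to refuse the open. For consistency with the `::File.open`/`::File.join` calls on the same line, and so a `File` constant inside the `Mail` namespace could never shadow the core class, the call should be `::File.basename`. deliver! begins before this hunk.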
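--- a/spec/mail/network/delivery_methods/file_delivery_spec.rb
+++ b/spec/mail/network/delivery_methods/file_delivery_spec.rb
@@ -74,6 +74,21 @@
 File.exists?(delivery).should be_true
 end
 
+it "should use the base name of the file name to prevent file system traversal" do
+Mail.defaults do
+delivery_method :file, :location => tmpdir
+end
+
+Mail.deliver do
+from 'roger@moore.com'
+to '../../../../../../../../../../../tmp/pwn'
+subject 'evil hacker'
+end
+
+delivery = File.join(Mail.delivery_method.settings[:location], 'pwn')
+File.exists?(delivery).should be_true
+end
+
 end
 
 end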
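Review bot: The new example only asserts that `pwn` appears inside the location directory; it never asserts that nothing was written to the traversal target, so an implementation that wrote to both places would still pass. A negative check such as `File.exists?('/tmp/pwn').should be_false` would pin the actual security property, though the spec would then need to pick a target path that cannot pre-exist on the CI host or clean it up first. The edge destinations `.`, `..` and `''` are also uncovered, and `File.basename` leaves them intact, so whether deliver! should skip or raise on them is left unspecified by this spec. `File.exists?` matches the surrounding style, but it is the deprecated spelling; `File.exist?` is the supported one if the file is ever modernised.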
