
Commit 29aca25

author
Mikel Lindsaar
committed
Preventing file system traversal in file_delivery method
1 parent 9beb079 commit 29aca25


2 files changed

+17
-2
lines changed

2 files changed

+17
-2
lines changed

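--- a/lib/mail/network/delivery_methods/file_delivery.rb
+++ b/lib/mail/network/delivery_methods/file_delivery.rb
@@ -6,7 +6,7 @@ module Mail
 # So if you have an email going to fred@test, bob@test, joe@anothertest, and you
 # set your location path to /path/to/mails then FileDelivery will create the directory
 # if it does not exist, and put one copy of the email in three files, called
-# "fred@test", "bob@test" and "joe@anothertest"
+# by their message id
 #
 # Make sure the path you specify with :location is writable by the Ruby process
 # running Mail.
@@ -32,7 +32,7 @@ def deliver!(mail)
 end
 
 mail.destinations.uniq.each do |to|
-::File.open(::File.join(settings[:location], to), 'a') { |f| "#{f.write(mail.encoded)}\r\n\r\n" }
+::File.open(::File.join(settings[:location], File.basename(to.to_s)), 'a') { |f| "#{f.write(mail.encoded)}\r\n\r\n" }
 end
 end
 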
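Review bot: The rewritten comment at new line 9 says the files are "called by their message id", but the code at new line 35 still names each file after the recipient via `File.basename(to.to_s)`, so the documentation now contradicts the behaviour it describes; keep the recipient wording, e.g. `# "fred@test", "bob@test" and "joe@anothertest" (only the base name of each address is used)`. On that same line `File.basename` is resolved lexically inside `module Mail` while the neighbouring calls deliberately use `::File`; if a `Mail::File` constant exists anywhere it would shadow the core class, so `::File.basename(to.to_s)` is the consistent and safer spelling. `File.basename` returns `.` and `..` unchanged, so a destination of that form makes the open target the location directory itself and raise rather than escape it, which is acceptable but deserves a one-line comment such as `# basename strips any directory components so a crafted address cannot escape :location`. The enclosing `deliver!` method begins before this hunk.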
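--- a/spec/mail/network/delivery_methods/file_delivery_spec.rb
+++ b/spec/mail/network/delivery_methods/file_delivery_spec.rb
@@ -74,6 +74,21 @@
 File.exists?(delivery).should be_true
 end
 
+it "should use the base name of the file name to prevent file system traversal" do
+Mail.defaults do
+delivery_method :file, :location => tmpdir
+end
+
+Mail.deliver do
+from 'roger@moore.com'
+to '../../../../../../../../../../../tmp/pwn'
+subject 'evil hacker'
+end
+
+delivery = File.join(Mail.delivery_method.settings[:location], 'pwn')
+File.exists?(delivery).should be_true
+end
+
 end
 
 end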
