Prevent symlink path traversals

 * Closes CVE-2013-0262
commit 6f237e4c9fab649d3750482514f0fde76c56ab30 1 parent 0cd7e9a
James Tucker authored February 06, 2013

Showing 1 changed file with 6 additions and 11 deletions.

17  lib/rack/file.rb
@@ -41,19 +41,14 @@ def _call(env)
41 41
       path_info = Utils.unescape(env["PATH_INFO"])
42 42
       parts = path_info.split SEPS
43 43
 
44  
-      parts.inject(0) do |depth, part|
45  
-        case part
46  
-        when '', '.'
47  
-          depth
48  
-        when '..'
49  
-          return fail(404, "Not Found") if depth - 1 < 0
50  
-          depth - 1
51  
-        else
52  
-          depth + 1
53  
-        end
  44
+      clean = []
  45
+
  46
+      parts.each do |part|
  47
+        next if part.empty? || part == '.'
  48
+        part == '..' ? clean.pop : clean << part
54 49
       end
55 50
 
56  
-      @path = F.join(@root, *parts)
  51
+      @path = F.join(@root, *clean)
57 52
 
58 53
       available = begin
59 54
         F.file?(@path) && F.readable?(@path)
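Review bot: the security fix in this hunk is that `F.join(@root, *clean)` now receives a component list with every `..` already collapsed, whereas the removed code only counted depth and still passed the raw `parts` (including `..` entries) to `F.join`; with `..` left in the joined path the filesystem resolves it after following any symlink inside the root, which is the symlink traversal the commit title names. The behaviour change worth documenting in the commit message or a test is at `part == '..' ? clean.pop : clean << part`: `clean.pop` on an empty array returns nil and changes nothing, so a request that climbs above the root now silently resolves to a path under `@root` instead of hitting the removed `return fail(404, "Not Found") if depth - 1 < 0`. That is still contained within the root, so it is safe, but a regression test covering both a plain `..` above the root and a `..` following a symlinked directory would pin down the intended behaviour.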
