Prevent symlink path traversals

 * Closes CVE-2013-0262
commit 6f237e4c9fab649d3750482514f0fde76c56ab30 1 parent 0cd7e9a
@raggi raggi authored
Showing with 6 additions and 11 deletions.
  1. +6 −11 lib/rack/file.rb
17 lib/rack/file.rb
@@ -41,19 +41,14 @@ def _call(env)
path_info = Utils.unescape(env["PATH_INFO"])
parts = path_info.split SEPS
- parts.inject(0) do |depth, part|
- case part
- when '', '.'
- depth
- when '..'
- return fail(404, "Not Found") if depth - 1 < 0
- depth - 1
- else
- depth + 1
- end
+ clean = []
+
+ parts.each do |part|
+ next if part.empty? || part == '.'
+ part == '..' ? clean.pop : clean << part
end
- @path = F.join(@root, *parts)
+ @path = F.join(@root, *clean)
available = begin
F.file?(@path) && F.readable?(@path)
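Review bot: the explicit 404 for requests that climb above the root is dropped by this hunk, and nothing replaces it. In `part == '..' ? clean.pop : clean << part`, `clean.pop` on an empty array returns nil and the surplus `..` is silently discarded, so a request whose `..` components outnumber the preceding ones is now served from `@root` as if they were never there, where the removed `return fail(404, "Not Found") if depth - 1 < 0` previously rejected it. Containment itself is stronger than before, since the old code checked depth but still joined the unmodified `parts`, whereas `@path = F.join(@root, *clean)` joins only the normalised components; still, consider keeping the 404 on an attempted escape so such requests stay visible rather than being normalised away, and state the behaviour change in the commit message. Also, the change touches only `lib/rack/file.rb` with no accompanying test; a test covering `..` (including a percent-encoded form, which `Utils.unescape` decodes before the split) would pin the new behaviour.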