
Use the reference for the mime type to get the format

Before, we were calling to_sym on the mime type even when it is unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
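The pattern the fix relies on, shown as an added example rather than code from the Rails commit: formats become Symbols only for types registered up front by the application, and anything request-controlled stays a String so it is never interned. The `FormatRegistry`, `MimeType` class, `REGISTRY` contents and the two `*_formats` helpers are constructed stand-ins for Rails' `Mime::Type` lookup table and `ActionView::Template::Text#formats`, not the framework's own code.

```ruby
# Added example (not from the Rails commit). Minimal stand-in for the
# Mime::Type lookup table: registration takes trusted, developer-supplied
# values; lookup of an unknown string never creates a Symbol.
class FormatRegistry
  def initialize
    @by_string = {}
  end

  # Called at boot with constants, e.g. register('text/html', :html).
  def register(mime_string, symbol)
    @by_string[mime_string] = MimeType.new(mime_string, symbol)
    self
  end

  # Unknown strings come back as a MimeType with a nil symbol, mirroring
  # the test's `assert_nil Mime::Type.lookup("foo").to_sym`.
  def lookup(mime_string)
    @by_string.fetch(mime_string) { MimeType.new(mime_string, nil) }
  end
end

# Constructed stand-in for Mime::Type exposing the `ref` accessor the
# patch duck-types on: the registered Symbol if there is one, else the
# String form of the type.
class MimeType
  attr_reader :to_s, :to_sym

  def initialize(string, symbol)
    @to_s = string
    @to_sym = symbol
  end

  def ref
    to_sym || to_s
  end
end

# The 'before' of the fix: interns whatever it is handed, including a
# String that came straight from the request.
def unsafe_formats(type)
  [type.to_sym]
end

# The 'after': registered types yield their Symbol via `ref`; a plain
# String (or an unregistered MimeType) is returned as a String.
def safe_formats(type)
  [type.respond_to?(:ref) ? type.ref : type.to_s]
end

# Constructed registry contents.
REGISTRY = FormatRegistry.new
                         .register('text/plain', :text)
                         .register('text/html', :html)

if __FILE__ == $PROGRAM_NAME
  p safe_formats(REGISTRY.lookup('text/plain')) # [:text]
  p safe_formats(REGISTRY.lookup('foo'))        # ["foo"]
  p safe_formats('foo')                         # ["foo"]
  p unsafe_formats('foo')                       # [:foo], newly interned
end
```

The duck-typing on `ref` keeps the behaviour of the original `to_sym` call for every registered type while closing the path by which an arbitrary string reached the symbol table.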
1 parent ace0322 commit 06cbb8a132b89cfb4679a3cfda16389c391bbe89 @rafaelfranca rafaelfranca committed Feb 12, 2014
Showing with 18 additions and 1 deletion.
  1. +1 −1 actionpack/lib/action_view/template/text.rb
  2. +17 −0 actionpack/test/template/text_test.rb
@@ -23,7 +23,7 @@ def render(*args)
end
def formats
- [@mime_type.to_sym]
+ [@mime_type.respond_to?(:ref) ? @mime_type.ref : @mime_type.to_s]
end
end
end
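Review bot: the reason `to_sym` must not be called here is not recorded in the code; a one-line comment above `formats` saying that `@mime_type` may be a request-controlled String, that Symbols are not garbage-collected, and that `ref` yields a Symbol only for registered types would keep a later refactor from reverting to `[@mime_type.to_sym]`. The `respond_to?(:ref)` branch is doing the real work: a plain String (the case the 'unknown MIME type' test exercises) has no `ref`, falls through to `to_s`, and is returned unchanged instead of being interned, so the comment should spell that out as well.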
@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class TextTest < ActiveSupport::TestCase
+ test 'formats returns symbol for recognized MIME type' do
+ assert_equal [:text], ActionView::Template::Text.new('', :text).formats
+ end
+
+ test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+ foo = Mime::Type.lookup("foo")
+ assert_nil foo.to_sym
+ assert_equal ['foo'], ActionView::Template::Text.new('', foo).formats
+ end
+
+ test 'formats returns string for unknown MIME type' do
+ assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats
+ end
+end
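Review bot: none of the three tests checks the property the commit exists for, namely that passing a never-seen type string no longer adds a Symbol; consider a regression test that builds a fresh string, calls `ActionView::Template::Text.new('', str).formats`, and asserts `Symbol.all_symbols.map(&:to_s)` does not include it (inclusion rather than an exact count, since the symbol table size is not stable across Ruby versions). The second test's name, 'formats returns string for recognized MIME type when MIME does not have symbol', also sits oddly with its own `assert_nil foo.to_sym`: `Mime::Type.lookup("foo")` yields a Mime::Type without a registered symbol, so 'formats returns string for Mime::Type without a registered symbol' describes the case more accurately.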
