Use the reference for the mime type to get the format

Before we were calling to_sym in the mime type, even when it is unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
commit 857c6ee62c0582273d76e7b21b1eb295359eb837 1 parent 5aeb472
Rafael Mendonça França rafaelfranca authored
2  actionpack/lib/action_view/template/text.rb
@@ -23,7 +23,7 @@ def render(*args)
23 23 end
24 24
25 25 def formats
26   - [@mime_type.to_sym]
  26 + [@mime_type.respond_to?(:ref) ? @mime_type.ref : @mime_type.to_s]
27 27 end
28 28
29 29 def partial?
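Review bot: on new line 26, `formats` can now return either a Symbol or a String depending on whether `@mime_type` responds to `ref`, as the accompanying tests show, and nothing in the method says why. Add a short comment stating that the String fallback is deliberate, so that `to_sym` is never called on an unknown MIME type, otherwise a later cleanup could restore `to_sym`. It is also worth confirming that callers which compare `formats` against symbols handle the String case.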
17 actionpack/test/template/text_test.rb
... ... @@ -0,0 +1,17 @@
  1 +require 'abstract_unit'
  2 +
  3 +class TextTest < ActiveSupport::TestCase
  4 + test 'formats returns symbol for recognized MIME type' do
  5 + assert_equal [:text], ActionView::Template::Text.new('', :text).formats
  6 + end
  7 +
  8 + test 'formats returns string for recognized MIME type when MIME does not have symbol' do
  9 + foo = Mime::Type.lookup("foo")
  10 + assert_nil foo.to_sym
  11 + assert_equal ['foo'], ActionView::Template::Text.new('', foo).formats
  12 + end
  13 +
  14 + test 'formats returns string for unknown MIME type' do
  15 + assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats
  16 + end
  17 +end
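Review bot: the test name on new line 8 says "recognized MIME type", but lines 9 to 11 set up a `Mime::Type` from `lookup("foo")` whose `to_sym` is nil, so the name is misleading; something like 'formats returns string for Mime::Type without a symbol' would match the case. The three tests also check only the return value. Since the fix is about not creating symbols, consider one assertion that `Symbol.all_symbols` gains no entry when `formats` is called with a previously unseen type name.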
