Use the reference for the mime type to get the format

Before, we were calling to_sym on the mime type even when it is unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
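The following is an added illustration of the pattern behind this fix, not code from Rails: a minimal allowlist lookup that only produces a Symbol for registered format names and leaves unknown, caller-supplied names as Strings, with a check that confirms no new symbol was interned. The constant and method names (`REGISTERED_FORMATS`, `formats_unsafe`, `formats_safe`, `symbol_interned?`) are hypothetical.

```ruby
# Added example (not Rails code): a minimal model of the fix. Registered
# format names come from an allowlist and are returned as symbols; any
# other name is returned as a String, so no new symbol is interned.
REGISTERED_FORMATS = { 'text' => :text, 'html' => :html, 'json' => :json }.freeze

# Pre-fix behaviour: interns whatever the caller supplies. Every distinct
# attacker-chosen name becomes a symbol that the table keeps alive.
def formats_unsafe(type)
  [type.to_sym]
end

# Fixed behaviour: only allowlisted names become symbols; unknown names
# stay as the String the caller passed in.
def formats_safe(type)
  name = type.to_s
  [REGISTERED_FORMATS.fetch(name, name)]
end

# Is a symbol with exactly this name present in the symbol table?
# Comparing via to_s means the check itself never interns `name`.
def symbol_interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end

if __FILE__ == $0
  name = "fmt-#{rand(10**9)}" # constructed, unregistered format name
  p formats_safe(name), symbol_interned?(name)   # ["fmt-..."], false
  held = formats_unsafe(name)
  p held, symbol_interned?(name)                 # [:"fmt-..."], true
end
```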
1 parent 2413ba5 commit 3e215c090b890b06d5862881ec74b0bf6fb54bfa @rafaelfranca rafaelfranca committed Feb 18, 2014
Showing with 18 additions and 1 deletion.
  1. +1 −1 actionpack/lib/action_view/template/text.rb
  2. +17 −0 actionpack/test/template/text_test.rb
@@ -27,7 +27,7 @@ def render(*args)
end
def formats
- [@type.to_sym]
+ [@type.respond_to?(:ref) ? @type.ref : @type.to_s]
end
end
end
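Review bot: the new `formats` body relies on `Mime::Type#ref` returning a String (not interning) when the type has no registered symbol, and on the `to_s` branch for plain strings; neither of those constraints is stated in the code, so a one-line comment on the `+` line (e.g. "never call to_sym on a caller-supplied type name") would help keep a future refactor from reintroducing the interning. Note also that the returned array now mixes Symbol elements (registered types) and String elements (unknown types); any caller that compares `formats` against symbols should be checked for the String case.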
@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class TextTest < ActiveSupport::TestCase
+ test 'formats returns symbol for recognized MIME type' do
+ assert_equal [:text], ActionView::Template::Text.new('', :text).formats
+ end
+
+ test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+ foo = Mime::Type.lookup("foo")
+ assert_nil foo.to_sym
+ assert_equal ['foo'], ActionView::Template::Text.new('', foo).formats
+ end
+
+ test 'formats returns string for unknown MIME type' do
+ assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats
+ end
+end
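Review bot: the second test's name ("recognized MIME type when MIME does not have symbol") is misleading, since the `assert_nil foo.to_sym` line shows `Mime::Type.lookup("foo")` is an unregistered type; a name like "formats returns string for looked-up type without a symbol" would match what is asserted. The tests also check only the return value, not the property the commit message cares about; an assertion that no symbol named after the unknown type exists afterwards (compare `Symbol.all_symbols` entries via `to_s`, using a name unlikely to be interned elsewhere rather than 'foo') would turn this into a real regression test for the symbol-table growth.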
