Use the reference for the mime type to get the format

Before, we were calling to_sym on the mime type even when it was unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
commit 857c6ee62c0582273d76e7b21b1eb295359eb837 1 parent 5aeb472
@rafaelfranca rafaelfranca authored
2  actionpack/lib/action_view/template/text.rb
@@ -23,7 +23,7 @@ def render(*args)
end
def formats
- [@mime_type.to_sym]
+ [@mime_type.respond_to?(:ref) ? @mime_type.ref : @mime_type.to_s]
end
def partial?
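Review bot: the new line `+ [@mime_type.respond_to?(:ref) ? @mime_type.ref : @mime_type.to_s]` stops interning a symbol for an unknown mime type, but the fix also depends on `Mime::Type#ref` never calling `to_sym` on an unregistered name, which this hunk does not show; a short comment above `def formats` saying why `to_sym` must not be used here (an unknown mime name would intern a symbol that the garbage collector never reclaims) would keep a later refactor from reintroducing the original behaviour.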
17 actionpack/test/template/text_test.rb
@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class TextTest < ActiveSupport::TestCase
+ test 'formats returns symbol for recognized MIME type' do
+ assert_equal [:text], ActionView::Template::Text.new('', :text).formats
+ end
+
+ test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+ foo = Mime::Type.lookup("foo")
+ assert_nil foo.to_sym
+ assert_equal ['foo'], ActionView::Template::Text.new('', foo).formats
+ end
+
+ test 'formats returns string for unknown MIME type' do
+ assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats
+ end
+end
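Review bot: none of the three tests checks the property the commit message describes, that calling `formats` with an unknown mime type no longer creates a symbol; the third test, `assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats`, would also pass if the value were interned and then stringified back. Consider reading `Symbol.all_symbols.size` before and after calling `formats` with a fresh, unregistered name and asserting it is unchanged, so a regression back to `to_sym` fails the suite rather than passing silently.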
