authorRafael Mendonça França <rafaelmfranca@gmail.com>2014-02-18 16:12:51 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-02-18 16:12:51 -0300
commit33cb47ee488b2381d87f5bb36818cae5fa76c22e (patch)
tree8f85e606fc4c0a46475dbbc03f49c64eab674c03
parent1879c259b870938c42d5d52f63123bfa0b8c81c8 (diff)
Use the reference for the mime type to get the format
Before, we were calling to_sym on the mime type even when it was unknown, which can cause a denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
-rw-r--r--actionview/lib/action_view/template/html.rb2
-rw-r--r--actionview/lib/action_view/template/text.rb2
-rw-r--r--actionview/test/template/html_test.rb17
-rw-r--r--actionview/test/template/text_test.rb17
4 files changed, 36 insertions, 2 deletions
diff --git a/actionview/lib/action_view/template/html.rb b/actionview/lib/action_view/template/html.rb
index 282da1a8a2..0321f819b5 100644
--- a/actionview/lib/action_view/template/html.rb
+++ b/actionview/lib/action_view/template/html.rb
@@ -27,7 +27,7 @@ module ActionView #:nodoc:
end
def formats
- [@type.to_sym]
+ [@type.respond_to?(:ref) ? @type.ref : @type.to_s]
end
end
end
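Review bot: The replacement line at `[@type.respond_to?(:ref) ? @type.ref : @type.to_s]` carries no hint of why `to_sym` must be avoided, so the next maintainer may well "simplify" it back to the interning form that the commit message says caused the denial of service. I would add a why-comment directly above it: `# Do not call to_sym here: an attacker-controlled, unregistered type would intern a new Symbol per request, and Symbols are never garbage collected (CVE-2014-0082).` The `ref`/`to_s` split also appears to assume that a registered Mime::Type responds to `ref` while an unknown type arrives as a plain String; if the constructor (outside this hunk) can leave a Symbol in `@type`, `to_s` would silently turn `:html` into `'html'`, so that assumption is worth stating in the comment too. The enclosing class continues outside the hunk.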
diff --git a/actionview/lib/action_view/template/text.rb b/actionview/lib/action_view/template/text.rb
index 859c7bc3ce..04f5b8d17a 100644
--- a/actionview/lib/action_view/template/text.rb
+++ b/actionview/lib/action_view/template/text.rb
@@ -27,7 +27,7 @@ module ActionView #:nodoc:
end
def formats
- [@type.to_sym]
+ [@type.respond_to?(:ref) ? @type.ref : @type.to_s]
end
end
end
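Review bot: The new `formats` body is byte-identical to the one added to `ActionView::Template::HTML` in this same commit, which means the security-sensitive rule "never intern an untrusted type name" now lives in two places and has to be patched twice if it ever changes. A small shared helper, for example `def self.format_for(type) type.respond_to?(:ref) ? type.ref : type.to_s end` on a module both template classes mix in, would keep the fix in one spot; at minimum the same why-comment should be present here so the two copies do not drift. The enclosing class continues outside the hunk.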
diff --git a/actionview/test/template/html_test.rb b/actionview/test/template/html_test.rb
new file mode 100644
index 0000000000..549c12c88c
--- /dev/null
+++ b/actionview/test/template/html_test.rb
@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class HTMLTest < ActiveSupport::TestCase
+ test 'formats returns symbol for recognized MIME type' do
+ assert_equal [:html], ActionView::Template::HTML.new('', :html).formats
+ end
+
+ test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+ foo = Mime::Type.lookup("foo")
+ assert_nil foo.to_sym
+ assert_equal ['foo'], ActionView::Template::HTML.new('', foo).formats
+ end
+
+ test 'formats returns string for unknown MIME type' do
+ assert_equal ['foo'], ActionView::Template::HTML.new('', 'foo').formats
+ end
+end
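Review bot: The test at `formats returns string for unknown MIME type` pins the return shape (`['foo']`) but not the property the CVE fix is actually about, namely that an unregistered type name no longer creates a new Symbol. Wrapping the call in `assert_no_difference('Symbol.all_symbols.size') { ActionView::Template::HTML.new('', 'foo').formats }` would turn it into a real regression test for the interning behaviour, although it may need a warm-up call first if anything on the path interns symbols lazily, so I would hedge by trying it before committing to it. The first test's expectation that `:html` comes back as a Symbol implies the constructor maps symbols through the Mime lookup, which is not visible in this diff; a one-line comment stating that dependency would help readers of the test.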
diff --git a/actionview/test/template/text_test.rb b/actionview/test/template/text_test.rb
new file mode 100644
index 0000000000..d899d54589
--- /dev/null
+++ b/actionview/test/template/text_test.rb
@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class TextTest < ActiveSupport::TestCase
+ test 'formats returns symbol for recognized MIME type' do
+ assert_equal [:text], ActionView::Template::Text.new('', :text).formats
+ end
+
+ test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+ foo = Mime::Type.lookup("foo")
+ assert_nil foo.to_sym
+ assert_equal ['foo'], ActionView::Template::Text.new('', foo).formats
+ end
+
+ test 'formats returns string for unknown MIME type' do
+ assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats
+ end
+end
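Review bot: The test at `formats returns string for recognized MIME type when MIME does not have symbol` calls `Mime::Type.lookup("foo")` and asserts `to_sym` is nil, but nothing documents that this relies on `lookup` synthesising a type for an unregistered string rather than raising or returning nil; if that lookup behaviour changes the failure will appear here with an unhelpful message. A short comment such as `# lookup of an unregistered name yields a Mime::Type with no symbol; formats must fall back to its string form` above the `foo = Mime::Type.lookup("foo")` line would make the intent explicit. As with the HTML counterpart, the expectation that `:text` returns a Symbol depends on constructor behaviour that is outside this diff.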