| field | value | date |
|---|---|---|
| author | Jordan Owens <jkowens@gmail.com> | 2016-01-12 14:05:54 -0500 |
| committer | Jordan Owens <jkowens@gmail.com> | 2016-01-12 14:05:54 -0500 |
| commit | 918f0eea970c9f0d39b8d470a316ad5109935dae (patch) | |
| tree | ce831158a47a0c8cf3e0cc82c1536ac4eb5c4b63 /actionpack/lib/action_dispatch/middleware | |
| parent | 15299f3a5c0e068b4945bdb8199755100dc91e13 (diff) | |
| download | rails-918f0eea970c9f0d39b8d470a316ad5109935dae.tar.gz rails-918f0eea970c9f0d39b8d470a316ad5109935dae.tar.bz2 rails-918f0eea970c9f0d39b8d470a316ad5109935dae.zip | |
Prevent attempt to serve a request with a null byte
File paths cannot contain null byte characters and methods that do path
operations such as Rack::Utils#clean_path_info will raise unwanted
errors.
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/static.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb index ea9ab3821d..41c220236a 100644 --- a/actionpack/lib/action_dispatch/middleware/static.rb +++ b/actionpack/lib/action_dispatch/middleware/static.rb @@ -27,7 +27,7 @@ module ActionDispatch # in the server's `public/` directory (see Static#call). def match?(path) path = ::Rack::Utils.unescape_path path - return false unless path.valid_encoding? + return false unless valid_path?(path) path = Rack::Utils.clean_path_info path paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"] @@ -94,6 +94,10 @@ module ActionDispatch false end end + + def valid_path?(path) + path.valid_encoding? && !path.include?("\0") + end end # This middleware will attempt to return the contents of a file's body from |
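Review bot: the guard in `match?` is order-dependent and nothing in the hunk records that. `return false unless valid_path?(path)` must stay after `path = ::Rack::Utils.unescape_path path`, so that a percent-encoded `%00` has already been decoded to a literal NUL when it is tested, and before `path = Rack::Utils.clean_path_info path`, which the commit message says raises on such input. A one-line comment above the guard, e.g. `# reject NUL bytes and malformed encodings before clean_path_info touches the path`, would keep a later refactor from reordering these lines. A regression request with `%00` in the path belongs with this change; the diffstat shown is limited to the middleware directory, so whether a test is included is not visible here.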
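Review bot: `valid_path?` is only called from `match?`, and the context lines of this hunk (`false` / `end` / `end`) do not show whether the new method is inserted below the class's `private` keyword, so confirm it is not being added to the public surface of the file handler. The file documents its methods with `#` comments (see the comment above `match?` in the first hunk); the new helper should carry one saying why a NUL is rejected, since `path.valid_encoding? && !path.include?("\0")` reads as two unrelated checks without the commit message. Keeping `valid_encoding?` as the first operand is right: it preserves the original guard's behaviour for malformed input unchanged and only adds the NUL rejection after it.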
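Added example, not Rails' own code: a stand-alone Ruby sketch of the behaviour the commit message describes. It uses simplified stand-ins for `Rack::Utils.unescape_path` and `Rack::Utils.clean_path_info` (assumptions, not the rack implementations), reproduces the `valid_path?` predicate from the patch, and wraps them in a `match?` modelled on `FileHandler#match?`. The `nul_check:` keyword, the `demo` helper and the temporary public root with two HTML files are constructed for illustration; the old guard is reproduced so the `ArgumentError` the commit prevents can be seen next to the fixed behaviour.

```ruby
require "fileutils"
require "tmpdir"

# Simplified stand-in for Rack::Utils.unescape_path (assumption: plain
# percent-decoding only, no "+" handling). The bytes are then labelled UTF-8,
# which is how the middleware sees a request path.
def unescape_path(path)
  path.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }.force_encoding(Encoding::UTF_8)
end

# Simplified stand-in for Rack::Utils.clean_path_info: drop empty and "."
# segments and let ".." pop the previous segment, so the result never
# climbs above "/".
def clean_path_info(path)
  clean = []
  path.split("/").each do |part|
    next if part.empty? || part == "."
    part == ".." ? clean.pop : clean << part
  end
  "/" + clean.join("/")
end

# The predicate the commit introduces: the path must be well-formed in its
# encoding and must not carry an embedded NUL, because no file path can
# contain one and Ruby's file APIs raise ArgumentError when handed one.
def valid_path?(path)
  path.valid_encoding? && !path.include?("\0")
end

# Mirrors the shape of FileHandler#match? for files under +root+ and returns
# the matched request path or false. nul_check: false reproduces the guard as
# it was before the commit (valid_encoding? only) so the failure is observable.
def match?(root, raw_path, nul_check: true)
  path = unescape_path(raw_path)
  return false unless (nul_check ? valid_path?(path) : path.valid_encoding?)
  path = clean_path_info(path)
  candidates = [path, "#{path}.html", "#{path}/index.html"]
  candidates.find { |p| File.file?(File.join(root, p)) } || false
end

# Constructed sample public root (index.html and docs/index.html) run through
# the cases that matter. Returns a Hash so each result can be checked rather
# than only printed.
def demo
  Dir.mktmpdir("static-nul-demo") do |root|
    File.write(File.join(root, "index.html"), "<h1>home</h1>")
    FileUtils.mkdir_p(File.join(root, "docs"))
    File.write(File.join(root, "docs", "index.html"), "<h1>docs</h1>")

    # With the old guard the NUL reaches File.join / File.file? and raises.
    old_guard = begin
      match?(root, "/index%00.html", nul_check: false)
    rescue ArgumentError => e
      e.message
    end

    {
      plain:        match?(root, "/index.html"),                # "/index.html"
      directory:    match?(root, "/docs"),                      # "/docs/index.html"
      traversal:    match?(root, "/%2e%2e/%2e%2e/etc/passwd"),  # false
      bad_encoding: match?(root, "/%ff.html"),                  # false
      nul_fixed:    match?(root, "/index%00.html"),             # false
      nul_old:      old_guard                                   # "... null byte"
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

Running the file prints one line per case. The two rejections come from different halves of the predicate: `%ff` produces a byte sequence that is not valid UTF-8 and fails `valid_encoding?`, the check the file already had, while `%00` decodes to a NUL that is valid UTF-8 and is only caught by the new `include?("\0")` test. The `nul_old` entry shows what reached the caller before the patch: an `ArgumentError` mentioning the null byte, raised by Ruby's own path handling rather than a clean `false`.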