From 918f0eea970c9f0d39b8d470a316ad5109935dae Mon Sep 17 00:00:00 2001
From: Jordan Owens
Date: Tue, 12 Jan 2016 14:05:54 -0500
Subject: Prevent attempt to serve a request with a null byte

File paths cannot contain null byte characters and methods that do path operations such as Rack::Utils#clean_path_info will raise unwanted errors.
---
 actionpack/lib/action_dispatch/middleware/static.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'actionpack/lib')
diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb
index ea9ab3821d..41c220236a 100644
--- a/actionpack/lib/action_dispatch/middleware/static.rb
+++ b/actionpack/lib/action_dispatch/middleware/static.rb
@@ -27,7 +27,7 @@ module ActionDispatch
 # in the server's `public/` directory (see Static#call).
 def match?(path)
 path = ::Rack::Utils.unescape_path path
- return false unless path.valid_encoding?
+ return false unless valid_path?(path)
 path = Rack::Utils.clean_path_info path
 paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"]
@@ -94,6 +94,10 @@ module ActionDispatch
 false
 end
 end
+
+ def valid_path?(path)
+ path.valid_encoding? && !path.include?("\0")
+ end
 end
 # This middleware will attempt to return the contents of a file's body from
--
cgit v1.2.3
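Review bot: The position of the guard in `match?` is what makes it effective, and nothing in the code says so. It has to run on the result of `unescape_path`, because a percent-encoded null byte only becomes a literal `"\0"` after decoding. It also has to run before `clean_path_info`, which the commit message names as one of the calls that raises. I would add `# Validate after unescaping and before any path operation; a null byte makes those raise.` above the `return false` line so a later reorder does not undo the fix. A rejected path only makes `match?` return false, and what the caller then does is outside this hunk, so the application presumably still receives the raw path and should not treat it as null-free. The body of `match?` continues past the end of the hunk.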
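Review bot: `valid_path?` is added with no comment, so the reason for rejecting a null byte lives only in the commit message. A one-line comment above the method would keep that reason next to the code, for example `# True when the path is validly encoded and has no null byte, which file paths cannot contain.` The enclosing class starts outside this hunk, so it is not visible whether the method lands below a `private` marker. It is worth confirming that it does, since this is an internal helper that should not become part of the middleware's public interface.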