authorAaron Patterson <aaron.patterson@gmail.com>2016-09-28 10:12:29 -0700
committereileencodes <eileencodes@gmail.com>2017-05-08 12:53:11 -0400
commitc0598cd42b24f2c9ec870157b5501adef5e2bbb6 (patch)
tree64d3159891f59889641899ede30189092c21400d
parent2e6313c292ca8ac8e2459bc35185aac5a0e0a228 (diff)
downloadrack-c0598cd42b24f2c9ec870157b5501adef5e2bbb6.tar.gz
Merge pull request #1115 from Shopify/fix-multipart-parsing-with-null-byte
Handle NULL byte in multipart file name
-rw-r--r--lib/rack/multipart/parser.rb3
-rw-r--r--test/multipart/filename_with_null_byte7
-rw-r--r--test/spec_multipart.rb6
3 files changed, 14 insertions, 2 deletions
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
index 22d38e74..0cbd3732 100644
--- a/lib/rack/multipart/parser.rb
+++ b/lib/rack/multipart/parser.rb
@@ -6,7 +6,6 @@ module Rack
 
     class Parser
       BUFSIZE = 16384
-
       DUMMY = Struct.new(:parse).new
 
       def self.create(env)
@@ -19,7 +18,7 @@ module Rack
         content_length = content_length.to_i if content_length
 
         tempfile = env['rack.multipart.tempfile_factory'] ||
-          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename)]) }
+          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))]) }
         bufsize = env['rack.multipart.buffer_size'] || BUFSIZE
 
         new($1, io, content_length, env, tempfile, bufsize)
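Review bot: The NUL-byte replacement on the `+` line is applied only inside the default factory lambda, so a custom `rack.multipart.tempfile_factory` taken from `env` on the line above still receives the raw filename and, if it passes it to `Tempfile.new` the same way, hits the same "string contains null byte" ArgumentError this commit works around. Sanitizing once before the factory is chosen, e.g. `safe_name = filename.gsub("\0".freeze, '%00'.freeze)` passed to whichever factory is in use, would cover both paths; if the factory contract is deliberately to receive the unsanitized name, a comment on the `tempfile =` assignment saying so would keep the next reader from "fixing" it. It also looks like `filename.gsub` would raise NoMethodError for a part with no filename, assuming the caller can invoke the factory with `nil` — worth confirming against the part-handling code. `self.create` continues past the end of this hunk.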
diff --git a/test/multipart/filename_with_null_byte b/test/multipart/filename_with_null_byte
new file mode 100644
index 00000000..961d44c4
--- /dev/null
+++ b/test/multipart/filename_with_null_byte
@@ -0,0 +1,7 @@
+--AaB03x
+Content-Type: image/jpeg
+Content-Disposition: attachment; name="files"; filename="flowers.exe%00.jpg"
+Content-Description: a complete map of the human genome
+
+contents
+--AaB03x--
diff --git a/test/spec_multipart.rb b/test/spec_multipart.rb
index 74578d7b..ffaca557 100644
--- a/test/spec_multipart.rb
+++ b/test/spec_multipart.rb
@@ -261,6 +261,12 @@ describe Rack::Multipart do
     params["files"].size.should.equal 252
   end
 
+  should "parse multipart form with a null byte in the filename" do
+    env = Rack::MockRequest.env_for '/', multipart_fixture(:filename_with_null_byte)
+    params = Rack::Multipart.parse_multipart(env)
+    params["files"][:filename].should.equal "flowers.exe\u0000.jpg"
+  end
+
   should "parse multipart/mixed" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:mixed_files))
     params = Rack::Utils::Multipart.parse_multipart(env)
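Review bot: The new test only asserts that the parsed `:filename` still carries the NUL byte; the regression being fixed is the tempfile creation, which this test exercises only implicitly (parse_multipart would raise). Adding `::File.extname(params["files"][:tempfile].path).should.equal ".jpg"` pins the intended behaviour that the extension is taken from the sanitized name, so a later change that drops the NUL differently still has to produce a usable tempfile. As a point of style, the new case calls `Rack::Multipart.parse_multipart` and omits parentheses on `env_for`, while the neighbouring cases use `Rack::Utils::Multipart.parse_multipart(env)` and `env_for("/", ...)`; matching one form keeps the file consistent.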