-rw-r--r--lib/rack/multipart/parser.rb3
-rw-r--r--test/multipart/filename_with_null_byte7
-rw-r--r--test/spec_multipart.rb6
3 files changed, 14 insertions, 2 deletions
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
index 22d38e74..0cbd3732 100644
--- a/lib/rack/multipart/parser.rb
+++ b/lib/rack/multipart/parser.rb
@@ -6,7 +6,6 @@ module Rack
 
     class Parser
       BUFSIZE = 16384
-
       DUMMY = Struct.new(:parse).new
 
       def self.create(env)
@@ -19,7 +18,7 @@ module Rack
         content_length = content_length.to_i if content_length
 
         tempfile = env['rack.multipart.tempfile_factory'] ||
-          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename)]) }
+          lambda { |filename, content_type| Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))]) }
         bufsize = env['rack.multipart.buffer_size'] || BUFSIZE
 
         new($1, io, content_length, env, tempfile, bufsize)
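Review bot: The NUL escape on the added line lives only inside the default tempfile lambda, so a factory supplied through `env['rack.multipart.tempfile_factory']` still receives the raw filename. The filename returned in params also keeps the NUL, since the new spec asserts `"flowers.exe\u0000.jpg"`. An application that passes that value to `File` path methods can therefore still raise ArgumentError, and anything that treats NUL as a string terminator may see a different extension than the one checked. I would add a comment above the lambda, `# File.extname raises ArgumentError on NUL; escaped only for the tempfile suffix, the filename handed to callers is not sanitized`, and consider escaping once at the point where the factory is called, which is outside this hunk. `self.create` starts and ends outside the hunk.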
diff --git a/test/multipart/filename_with_null_byte b/test/multipart/filename_with_null_byte
new file mode 100644
index 00000000..961d44c4
--- /dev/null
+++ b/test/multipart/filename_with_null_byte
@@ -0,0 +1,7 @@
+--AaB03x
+Content-Type: image/jpeg
+Content-Disposition: attachment; name="files"; filename="flowers.exe%00.jpg"
+Content-Description: a complete map of the human genome
+
+contents
+--AaB03x--
diff --git a/test/spec_multipart.rb b/test/spec_multipart.rb
index 74578d7b..ffaca557 100644
--- a/test/spec_multipart.rb
+++ b/test/spec_multipart.rb
@@ -261,6 +261,12 @@ describe Rack::Multipart do
     params["files"].size.should.equal 252
   end
 
+  should "parse multipart form with a null byte in the filename" do
+    env = Rack::MockRequest.env_for '/', multipart_fixture(:filename_with_null_byte)
+    params = Rack::Multipart.parse_multipart(env)
+    params["files"][:filename].should.equal "flowers.exe\u0000.jpg"
+  end
+
   should "parse multipart/mixed" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:mixed_files))
     params = Rack::Utils::Multipart.parse_multipart(env)
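Review bot: The new spec asserts only the parsed filename, so it passes as long as parsing does not raise and never checks that the upload body landed in the tempfile. Adding `params["files"][:tempfile].read.should.equal "contents"` would pin that the default factory produced a usable file for this input. The fixture also carries the byte as the text `%00`, so the case of a literal NUL byte in the Content-Disposition header is not exercised; a second fixture for that would cover it. As a style point, `env_for '/', multipart_fixture(...)` drops the parentheses that the neighbouring spec uses in `env_for("/", ...)`.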