diff options
author | Terry Scheingeld <tscheingeld32@gmail.com> | 2019-12-11 11:24:59 -0500 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2019-12-11 22:54:59 +0000 |
commit | 024f7a8c8c780b6eae4f952dd6ef86dca8036cb6 (patch) | |
tree | 8c1b54ba331d68eaeb75d9dadd48af3db8a6b43e | |
parent | 08ba2e67d356c46ace310ce9a483511e68e9d6d6 (diff) | |
download | unicorn-024f7a8c8c780b6eae4f952dd6ef86dca8036cb6.tar.gz |
Ruby mistakenly taints the file path, causing File.unlink to fail: https://bugs.ruby-lang.org/issues/14485 Workaround the Ruby bug by keeping the path as a local variable and passing that to File.unlink, instead of the return value of File#path. Link: https://bogomips.org/unicorn-public/CABg1sXrvGv9G6CDQxePDUqTe6N-5UpLXm7eG3YQO=dda-Cgg7A@mail.gmail.com/
-rw-r--r-- | lib/unicorn/tmpio.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/unicorn/tmpio.rb b/lib/unicorn/tmpio.rb index db88ed3..0bbf6ec 100644 --- a/lib/unicorn/tmpio.rb +++ b/lib/unicorn/tmpio.rb @@ -11,12 +11,18 @@ class Unicorn::TmpIO < File # immediately, switched to binary mode, and userspace output # buffering is disabled def self.new + path = nil + + # workaround File#path being tainted: + # https://bugs.ruby-lang.org/issues/14485 fp = begin - super("#{Dir::tmpdir}/#{rand}", RDWR|CREAT|EXCL, 0600) + path = "#{Dir::tmpdir}/#{rand}" + super(path, RDWR|CREAT|EXCL, 0600) rescue Errno::EEXIST retry end - unlink(fp.path) + + unlink(path) fp.binmode fp.sync = true fp |