authorJames Tucker <jftucker@gmail.com>2013-02-06 16:25:22 -0800
committerJames Tucker <jftucker@gmail.com>2013-02-07 18:36:04 -0800
commit8de3c1d9902f8e64a385f38cf5711f26ffba19db (patch)
treeb8ba4c0b67ba713edf2c52cf4682e8d80ebc5bb5
parent3316749e3cd0b2bf43400e215f62b06499f00dbc (diff)
Prevent symlink path traversals
* Closes CVE-2013-0262
-rw-r--r--lib/rack/file.rb17
1 files changed, 6 insertions, 11 deletions
diff --git a/lib/rack/file.rb b/lib/rack/file.rb
index 090a0015..ee58a1a7 100644
--- a/lib/rack/file.rb
+++ b/lib/rack/file.rb
@@ -41,19 +41,14 @@ module Rack
path_info = Utils.unescape(env["PATH_INFO"])
parts = path_info.split SEPS
- parts.inject(0) do |depth, part|
- case part
- when '', '.'
- depth
- when '..'
- return fail(404, "Not Found") if depth - 1 < 0
- depth - 1
- else
- depth + 1
- end
+ clean = []
+
+ parts.each do |part|
+ next if part.empty? || part == '.'
+ part == '..' ? clean.pop : clean << part
end
- @path = F.join(@root, *parts)
+ @path = F.join(@root, *clean)
available = begin
F.file?(@path) && F.readable?(@path)