Red Hat Bugzilla – Attachment 831321 Details for Bug 1036409
CVE-2013-6417 rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155)
Attachment 831321: CVE-2013-6417-4-0-rack-params.patch
Description: CVE-2013-6417-4-0-rack-params.patch
MIME Type: text/plain
Size: 2.74 KB
Creator: Kurt Seifried
Created: 2013-12-01 22:39:57 UTC
Flags: patch, obsolete
>From 6857592b46ac5a41464734e5bc5fc070d2a265fc Mon Sep 17 00:00:00 2001 >From: Michael Koziarski <michael@koziarski.com> >Date: Sat, 30 Nov 2013 16:45:23 +1300 >Subject: [PATCH] Deep Munge the parameters for GET and POST > >The previous implementation of this functionality could be accidentally >subverted by instantiating a raw Rack::Request before the first Rails::Request >was constructed. > >Fixes CVE-2013-6417 >--- > actionpack/lib/action_dispatch/http/request.rb | 4 ++-- > .../test/dispatch/request/query_string_parsing_test.rb | 15 +++++++++++++++ > 2 files changed, 17 insertions(+), 2 deletions(-) > >diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb >index ebd87c4..ba04000 100644 >--- a/actionpack/lib/action_dispatch/http/request.rb >+++ b/actionpack/lib/action_dispatch/http/request.rb >@@ -271,7 +271,7 @@ module ActionDispatch > > # Override Rack's GET method to support indifferent access > def GET >- @env["action_dispatch.request.query_parameters"] ||= (normalize_encode_params(super) || {}) >+ @env["action_dispatch.request.query_parameters"] ||= deep_munge((normalize_encode_params(super) || {})) > rescue TypeError => e > raise ActionController::BadRequest.new(:query, e) > end >@@ -279,7 +279,7 @@ module ActionDispatch > > # Override Rack's POST method to support indifferent access > def POST >- @env["action_dispatch.request.request_parameters"] ||= (normalize_encode_params(super) || {}) >+ @env["action_dispatch.request.request_parameters"] ||= deep_munge((normalize_encode_params(super) || {})) > rescue TypeError => e > raise ActionController::BadRequest.new(:request, e) > end >diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb >index f072a9f..0ad0dbc 100644 >--- a/actionpack/test/dispatch/request/query_string_parsing_test.rb >+++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb 
>@@ -11,6 +11,17 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest > head :ok > end > end >+ class EarlyParse >+ def initialize(app) >+ @app = app >+ end >+ >+ def call(env) >+ # Trigger a Rack parse so that env caches the query params >+ Rack::Request.new(env).params >+ @app.call(env) >+ end >+ end > > def teardown > TestController.last_query_parameters = nil >@@ -131,6 +142,10 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest > set.draw do > get ':action', :to => ::QueryStringParsingTest::TestController > end >+ @app = self.class.build_app(set) do |middleware| >+ middleware.use(EarlyParse) >+ end >+ > > get "/parse", actual > assert_response :ok >-- >1.8.3.4 >
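Review bot: in the request.rb GET hunk, `deep_munge` now wraps `normalize_encode_params(super)`, but the diff does not show where `deep_munge` is defined or whether it mutates the hash in place; since `super` hands back the object Rack may already have cached in `env`, in-place munging is what makes the early-parse case safe, and that dependency deserves a comment on the method. The argument is also double-parenthesised: `deep_munge((normalize_encode_params(super) || {}))` reads more cleanly as `deep_munge(normalize_encode_params(super) || {})`.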
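Review bot: the request.rb POST hunk repeats the GET expression verbatim apart from the env key and the `BadRequest` tag; consider factoring `deep_munge(normalize_encode_params(super) || {})` into a private helper so a later change to the munging pipeline cannot land in one accessor and not the other. The existing `rescue TypeError` in both methods now also covers anything `deep_munge` raises, so confirm it cannot turn an unrelated `TypeError` from the munging step into a 400.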
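Review bot: in the first test hunk, the comment on `EarlyParse#call` says it triggers a Rack parse so env caches the query params; `Rack::Request#params` parses both GET and POST, so say so, and a one-line reference to CVE-2013-6417 would tell a future reader why a middleware that does nothing but pre-parse sits in a query-string parsing test.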
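Review bot: in the second test hunk, `middleware.use(EarlyParse)` is installed in the shared helper that every test in the file goes through (`set.draw ... get "/parse", actual`), so the file no longer exercises the path where Rails parses the query string first; run the assertions both with and without `EarlyParse`, or add a dedicated regression test for the cached-params case and leave the helper as it was. There is also a stray second blank line after the `end` of the `build_app` block (`+ end`, `+`, then the existing blank context line).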
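The commit message says the earlier fix could be subverted by a raw Rack::Request parsing (and caching) the parameters before Rails did. The block below is an added illustration, not code from the attached patch or from Rails: it models nil-stripping in the style of the "deep munge" step, a lower layer that caches its parse in env, the ordering problem the commit describes, and why an unmunged `[nil]` matters for query generation. Every method name, the env keys, the sample parsed query and the toy SQL builder are constructed for this example; the `framework_params_before` shape is a hypothetical model of the failure mode, not the pre-patch Rails code.

```ruby
# Added example, not code from the attached Rails patch or from Rails itself.
# It models the behaviour the patch enforces; every name and env key here is
# invented for the illustration.

# Nil-stripping modelled on the "deep munge" step the patch applies to GET and
# POST: walk nested hashes, drop nils from arrays, and collapse an array that is
# left empty to nil, so no parameter reaches the application as [nil].
def deep_munge(hash)
  hash.each do |key, value|
    case value
    when Array
      value.grep(Hash) { |inner| deep_munge(inner) }
      value.compact!
      hash[key] = nil if value.empty?
    when Hash
      deep_munge(value)
    end
  end
  hash
end

# Stand-in for the lower layer (Rack::Request in the real stack): parses once and
# caches the result in env under its own key. Both keys are invented.
QUERY_CACHE_KEY = "example.query_hash"

def lower_layer_params(env)
  env[QUERY_CACHE_KEY] ||= env["example.parsed_query"]
end

# Model of the weakness the commit message describes (hypothetical, not the
# pre-patch Rails code): munging is tied to the first parse, so a parse already
# cached by a raw lower-layer request is handed through untouched.
def framework_params_before(env)
  return env[QUERY_CACHE_KEY] if env.key?(QUERY_CACHE_KEY)
  deep_munge(lower_layer_params(env))
end

# Patched shape, as in the request.rb hunk: munge whatever the lower layer
# returns, cached or not, then memoize the munged result under the framework's
# own key.
def framework_params_after(env)
  env["example.munged_params"] ||= deep_munge(lower_layer_params(env) || {})
end

# Constructed sample: roughly what a nested-query parser yields for
# "?token[]&ids[][id]&ok=x".
def sample_env
  { "example.parsed_query" => { "token" => [nil], "ids" => [{ "id" => nil }], "ok" => "x" } }
end

# Toy query builder standing in for the ORM behaviour behind the original
# advisory: an array holding only nil renders as IS NULL. The nil guard on the
# first line is the common check that [nil] slips past.
def lookup_sql(column, value)
  return nil if value.nil?
  binds = Array(value).compact
  return ["#{column} IS NULL", []] if binds.empty?
  ["#{column} IN (#{(['?'] * binds.size).join(', ')})", binds]
end

# Framework reads the parameters first: both variants munge, the guard sees nil.
def framework_first(fetch)
  send(fetch, sample_env)["token"]
end

# A raw lower-layer parse runs first (the EarlyParse middleware in the patch's
# test does exactly this), then the framework reads the parameters.
def early_parse_then(fetch)
  env = sample_env
  lower_layer_params(env)
  send(fetch, env)["token"]
end

# Same ordering, carried through to the query the application would build.
def token_query(fetch)
  env = sample_env
  lower_layer_params(env)
  lookup_sql("token", send(fetch, env)["token"])
end

if __FILE__ == $0
  p early_parse_then(:framework_params_before)  # [nil], slips past the nil guard
  p early_parse_then(:framework_params_after)   # nil
  p token_query(:framework_params_before)       # ["token IS NULL", []]
  p token_query(:framework_params_after)        # nil, the guard rejects it
end
```

Run with `ruby` to see the two orderings side by side. The point the example makes is the one the hunk makes: munging must be applied to whatever the lower layer returns on every access, not only on the path that happens to do the first parse, because any middleware ahead of the framework can perform that first parse.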