An upstream Ruby security notice [1] indicated that ruby suffered from a flaw where unintended files could be created if they contained a NUL characer in the file path or name. Certain methods like IO#open did not check the filename passed to them, and just passed those strings to lower layer routines, which could lead to unintentional files being created, as demonstrated:
p File.exists?("foo") #=> false
open("foo\0bar", "w") { |f| f.puts "hai" }
p File.exists?("foo") #=> true
p File.exists?("foo\0bar") #=> raises ArgumentError
Upstream indicates that ruby 1.9.3 prior to patchlevel 286 is vulnerable. An upstream patch is available [2].
[1] http://preview.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/
[2] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163
An upstream Ruby security notice [1] indicated that ruby suffered from a flaw where unintended files could be created if they contained a NUL characer in the file path or name. Certain methods like IO#open did not check the filename passed to them, and just passed those strings to lower layer routines, which could lead to unintentional files being created, as demonstrated: p File.exists?("foo") #=> false open("foo\0bar", "w") { |f| f.puts "hai" } p File.exists?("foo") #=> true p File.exists?("foo\0bar") #=> raises ArgumentError Upstream indicates that ruby 1.9.3 prior to patchlevel 286 is vulnerable. An upstream patch is available [2]. [1] http://preview.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/ [2] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163