Project

General

Profile

Actions

Bug #3337

closed

MS-DOS device names are identified as readable_real

Added by hdm (HD Moore) over 14 years ago. Updated about 7 years ago.

Status:
Closed
Assignee:
Target version:
ruby -v:
ruby 1.9.3dev (2010-05-21 trunk 27931) [i386-mingw32]
[ruby-core:30406]

Description

Special MS-DOS filenames return true from a call to File.readable_real? and File.file?. This exposes certain popular projects to a denial of service on the Windows platform.

irb(main):007:0> File.readable_real?("AUX")
=> true

Modifying File.file? and File.readable_real? to return false for MS-DOS device names will allow standard tests for static files to avoid MS-DOS names. The regular express below can be used to match against known MS-DOS names and should be inclusive, however a second set of eyes would be great.

/\/(CON|PRN|AUX|NUL|COM1|COM2|COM3|COM4|COM5|COM6|COM7|COM8|COM9|LPT1|LPT2|LPT3|LPT4|LPT5|LPT6|LPT7|LPT8|LPT9)([\.\/]|$)/i

If you need information on the specific projects affected by this bug, please contact me via email

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0