Bug #3337
Updated by nobu (Nobuyoshi Nakada) over 6 years ago
=begin Special MS-DOS filenames return true from a call to `File.readable_real?` File.readable_real? and `File.file?`. File.file?. This exposes certain popular projects to a denial of service on the Windows platform. ``` irb(main):007:0> File.readable_real?("AUX") => true ``` Modifying `File.file?` File.file? and `File.readable_real?` File.readable_real? to return `false` false for MS-DOS device names will allow standard tests for static files to avoid MS-DOS names. The regular express below can be used to match against known MS-DOS names and should be inclusive, however a second set of eyes would be great. ```ruby /\/(CON|PRN|AUX|NUL|COM1|COM2|COM3|COM4|COM5|COM6|COM7|COM8|COM9|LPT1|LPT2|LPT3|LPT4|LPT5|LPT6|LPT7|LPT8|LPT9)([\.\/]|$)/i ``` If you need information on the specific projects affected by this bug, please contact me via email =end