Blame SOURCES/rubygem-actionpack-4.1.14.1-CVE-2016-0751-fix-possible-object-leak-and-denial-of-service-attack.patch

From 5756321cd9e3ca12cb2b8402704c6680b4d7ca2a Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Mon, 11 Jan 2016 14:36:49 -0800
Subject: [PATCH] stop caching mime types globally

Unknown mime types should not be cached globally.  This global cache
leads to a memory leak and a denial of service vulnerability.

CVE-2016-0751
---
 actionpack/lib/action_dispatch/http/mime_type.rb | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/actionpack/lib/action_dispatch/http/mime_type.rb b/actionpack/lib/action_dispatch/http/mime_type.rb
index 9450be8..fc986f9 100644
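--- a/actionpack/lib/action_dispatch/http/mime_type.rb
+++ b/actionpack/lib/action_dispatch/http/mime_type.rb
@@ -23,7 +23,7 @@ module Mime
 
   SET              = Mimes.new
   EXTENSION_LOOKUP = {}
-  LOOKUP           = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
+  LOOKUP           = {}
 
   class << self
     def [](type)
@@ -146,7 +146,7 @@ module Mime
       end
 
       def lookup(string)
-        LOOKUP[string]
+        LOOKUP[string] || Type.new(string)
       end
 
       def lookup_by_extension(extension)
@@ -225,9 +225,12 @@ module Mime
       end
     end
 
+    attr_reader :hash
+
     def initialize(string, symbol = nil, synonyms = [])
       @symbol, @synonyms = symbol, synonyms
       @string = string
+      @hash = [@string, @synonyms, @symbol].hash
     end
 
     def to_s
@@ -261,6 +264,13 @@ module Mime
       end
     end
 
+    def eql?(other)
+      super || (self.class == other.class &&
+                @string    == other.string &&
+                @synonyms  == other.synonyms &&
+                @symbol    == other.symbol)
+    end
+
     def =~(mime_type)
       return false if mime_type.blank?
       regexp = Regexp.new(Regexp.quote(mime_type.to_s))
@@ -274,6 +284,10 @@ module Mime
     end
 
 
+    protected
+
+    attr_reader :string, :synonyms
+
     private
 
     def to_ary; end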
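Review bot: `lookup` in the second hunk drops the blank-key guard that the removed `Hash.new` block had (`unless k.blank?`), so `LOOKUP[string] || Type.new(string)` now returns a `Type` for nil or an empty string where the old code returned nil. The callers are outside these hunks, so I cannot confirm the impact, but any code that treats a nil result as "no media type supplied" (for example an empty header value) would now receive an object. If the old contract should hold, `LOOKUP[string] || (Type.new(string) unless string.blank?)` keeps it without bringing back the global cache. A comment above `LOOKUP = {}`, such as `# Holds registered types only; never insert request-derived strings (CVE-2016-0751).`, would help keep the unbounded cache from being reintroduced later.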
-- 
2.2.1