author | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-22 01:08:00 +0000 |
---|---|---|
committer | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-22 01:08:00 +0000 |
commit | 1ad355bd53653161e705e7d919b3ad1ea793a3f5 (patch) | |
tree | edb1aa2c3dbf5399256bdc12a94b60c38a43ec4b /lib | |
parent | 1989371d10bccc2a1e6e9b31bd17992899870372 (diff) |
webrick/httpservlet/*handler: use File.open
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/webrick/httpservlet/erbhandler.rb | 2 | ||||
-rw-r--r-- | lib/webrick/httpservlet/filehandler.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/webrick/httpservlet/erbhandler.rb b/lib/webrick/httpservlet/erbhandler.rb
index 9bcec69883..aa02ce8a1d 100644
--- a/lib/webrick/httpservlet/erbhandler.rb
+++ b/lib/webrick/httpservlet/erbhandler.rb
@@ -53,7 +53,7 @@ module WEBrick
 raise HTTPStatus::Forbidden, "ERBHandler cannot work."
 end
 begin
- data = open(@script_filename){|io| io.read }
+ data = File.open(@script_filename, &:read)
 res.body = evaluate(ERB.new(data), req, res)
 res['content-type'] ||=
 HTTPUtils::mime_type(@script_filename, @config[:MimeTypes])
diff --git a/lib/webrick/httpservlet/filehandler.rb b/lib/webrick/httpservlet/filehandler.rb
index 3ea1eec7d0..2c02d0ffe7 100644
--- a/lib/webrick/httpservlet/filehandler.rb
+++ b/lib/webrick/httpservlet/filehandler.rb
@@ -57,7 +57,7 @@ module WEBrick
 res['content-type'] = mtype
 res['content-length'] = st.size
 res['last-modified'] = mtime.httpdate
- res.body = open(@local_path, "rb")
+ res.body = File.open(@local_path, "rb")
 end
 end

@@ -92,7 +92,7 @@ module WEBrick
 raise HTTPStatus::BadRequest,
 "Unrecognized range-spec: \"#{req['range']}\""
 end
- open(filename, "rb"){|io|
+ File.open(filename, "rb"){|io|
 if ranges.size > 1
 time = Time.now
 boundary = "#{time.sec}_#{time.usec}_#{Process::pid}" |
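Review bot: The reason for writing `File.open` rather than bare `open` at `data = File.open(@script_filename, &:read)` in erbhandler.rb is recorded only in the commit message, so a later cleanup could put `open` back without noticing what it gives up. A one-line comment above the call would keep the intent next to the code: `# File.open, not Kernel#open: Kernel#open treats a path starting with "|" as a command to run`. The same comment fits the two `File.open` calls in filehandler.rb. The enclosing method starts and ends outside this hunk.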
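Review bot: In the first filehandler.rb hunk, `res['content-length'] = st.size` and `mtime.httpdate` describe the file as it was when `st` was taken, while `File.open(@local_path, "rb")` opens whatever the path names at that later moment. `st` is assigned outside the hunk, so the width of that window cannot be judged from here, but if the file is replaced or truncated in between, the advertised length and the streamed body disagree. Reading the metadata from the handle removes the gap: open first, then `st = res.body.stat`. The handle is also stored without a block, so closing it is presumably left to whatever writes the response; a comment naming that owner would help the next audit.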
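Review bot: In the second filehandler.rb hunk, the multipart boundary two lines below the new `File.open(filename, "rb"){|io|` is built from `time.sec`, `time.usec` and `Process::pid`, which makes it guessable and discloses the server's process id to any client that asks for several ranges. These are unchanged context lines, but since this commit is an audit pass they are worth fixing in the same sweep with a random token, e.g. `boundary = SecureRandom.hex(16)` plus `require 'securerandom'` at the top of the file. The block opened by `File.open` continues past the end of the hunk.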