From: HD Moore <redmine@...>
Date: 2010-05-25T10:49:33+09:00
Subject: [ruby-core:30406] [Bug #3337] MS-DOS device names are identified as readable_real

Bug #3337: MS-DOS device names are identified as readable_real
http://redmine.ruby-lang.org/issues/show/3337

Author: HD Moore
Status: Open, Priority: Normal
Category: core
ruby -v: ruby 1.9.3dev (2010-05-21 trunk 27931) [i386-mingw32]

Special MS-DOS filenames return true from a call to File.readable_real? and File.file?. This exposes certain popular projects to a denial of service on the Windows platform. 

irb(main):007:0> File.readable_real?("AUX")
=> true

Modifying File.file? and File.readable_real? to return false for MS-DOS device names will allow standard tests for static files to avoid MS-DOS names. The regular express below can be used to match against known MS-DOS names and should be inclusive, however a second set of eyes would be great.

/\/(CON|PRN|AUX|NUL|COM1|COM2|COM3|COM4|COM5|COM6|COM7|COM8|COM9|LPT1|LPT2|LPT3|LPT4|LPT5|LPT6|LPT7|LPT8|LPT9)([\.\/]|$)/i

If you need information on the specific projects affected by this bug, please contact me via email


----------------------------------------
http://redmine.ruby-lang.org