From: "usa (Usaku NAKAMURA)" <usa@...>
Date: 2012-10-31T16:28:57+09:00
Subject: [ruby-core:48645] [ruby-trunk - Bug #3337] MS-DOS device names are identified as readable_real


Issue #3337 has been updated by usa (Usaku NAKAMURA).

Description updated
Target version changed from 2.0.0 to next minor


----------------------------------------
Bug #3337: MS-DOS device names are identified as readable_real
https://bugs.ruby-lang.org/issues/3337#change-32058

Author: hdm (HD Moore)
Status: Assigned
Priority: Low
Assignee: usa (Usaku NAKAMURA)
Category: core
Target version: next minor
ruby -v: ruby 1.9.3dev (2010-05-21 trunk 27931) [i386-mingw32]


=begin
 Special MS-DOS filenames return true from a call to File.readable_real? and File.file?. This exposes certain popular projects to a denial of service on the Windows platform. 
 
 irb(main):007:0> File.readable_real?("AUX")
 => true
 
 Modifying File.file? and File.readable_real? to return false for MS-DOS device names will allow standard tests for static files to avoid MS-DOS names. The regular express below can be used to match against known MS-DOS names and should be inclusive, however a second set of eyes would be great.
 
 /\/(CON|PRN|AUX|NUL|COM1|COM2|COM3|COM4|COM5|COM6|COM7|COM8|COM9|LPT1|LPT2|LPT3|LPT4|LPT5|LPT6|LPT7|LPT8|LPT9)([\.\/]|$)/i
 
 If you need information on the specific projects affected by this bug, please contact me via email
=end



-- 
http://bugs.ruby-lang.org/