Misc #14216

webrick: audit and fix Kernel#open misuse

Added by normalperson (Eric Wong) over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
[ruby-core:84391]

Description

Based on Bug #14205 and Bug #14212,
webrick also needs to be checked for Kernel#open misuse.

Updated by normalperson (Eric Wong) over 2 years ago

normalperson@yhbt.net wrote:

https://bugs.ruby-lang.org/issues/14216

I don't think there are actual bugs in webrick because of Kernel#open.

The following series tightens down wrong/nonsensical behavior,
and makes future code auditing easier by favoring File.open
instead of Kernel#open.

The only remaining instance of Kernel#open in webrick is in
load_mime_types of webrick/httputils; where I think "|command"
can be beneficial (if the command is used at all).

https://80x24.org/spew/20171221115507.27500-2-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-3-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-4-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-5-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-6-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-7-e@80x24.org/raw

#2

Updated by Anonymous over 2 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r61397.


webrick: httpauth requires regular files

Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.

  • lib/webrick/httpauth/htdigest.rb: use File.open
  • lib/webrick/httpauth/htgroup.rb: ditto
  • lib/webrick/httpauth/htpasswd.rb: ditto [Misc #14216]
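The following Ruby sketch is an added example, not code from the issue, the patch series, or WEBrick. It shows the property the commit relies on: `File.open` always treats its argument as a filesystem path, so a `"|command"` string never starts a process, and a check on the open descriptor rejects anything that is not a regular file before its mtime is trusted. The helper name `read_regular_file`, the `demo` function, and the sample file contents are assumptions made for illustration.

```ruby
require "tmpdir"

# Hypothetical helper (not WEBrick's API): read a credentials-style file only
# if it is a regular file, returning its mtime together with its lines.
def read_regular_file(path)
  # File.open never interprets a leading "|" as a command, unlike Kernel#open;
  # the string is always looked up as a path.
  File.open(path) do |f|
    st = f.stat # fstat on the descriptor we opened, no second lookup by name
    raise ArgumentError, "#{path.inspect} is not a regular file" unless st.file?
    { mtime: st.mtime, lines: f.each_line.map(&:chomp) }
  end
end

# Exercises the helper against constructed inputs in a temporary directory.
def demo
  Dir.mktmpdir do |dir|
    htpasswd = File.join(dir, "htpasswd")
    File.write(htpasswd, "alice:constructed-hash\n") # constructed sample entry
    marker = File.join(dir, "marker")
    results = { ok: read_regular_file(htpasswd)[:lines] }

    begin
      # With File.open this is just a nonexistent path; nothing is executed.
      read_regular_file("|touch #{marker}")
    rescue SystemCallError => e
      results[:pipe_error] = e.class
    end
    results[:command_ran] = File.exist?(marker)

    begin
      read_regular_file(dir) # a directory is not a regular file
    rescue ArgumentError, SystemCallError
      results[:dir_rejected] = true
    end
    results
  end
end

p demo if $PROGRAM_NAME == __FILE__
```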
