Misc #14216

closed

webrick: audit and fix Kernel#open misuse

Added by normalperson (Eric Wong) over 6 years ago. Updated over 6 years ago.

Status:
Closed
Assignee:
-
[ruby-core:84391]

Description

Based on [Bug #14205] (resolv) and [Bug #14212] (logger),
webrick also needs to be checked for Kernel#open misuse.

Updated by normalperson (Eric Wong) over 6 years ago

wrote:

https://bugs.ruby-lang.org/issues/14216

I don't think there are actual bugs in webrick because of Kernel#open.

The following series tightens down wrong/nonsensical behavior,
and makes future code auditing easier by favoring File.open
instead of Kernel#open.

The only remaining instance of Kernel#open in webrick is in
load_mime_types of webrick/httputils, where I think "|command"
can be beneficial (if the command is used at all).

https://80x24.org/spew/20171221115507.27500-2-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-3-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-4-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-5-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-6-e@80x24.org/raw
https://80x24.org/spew/20171221115507.27500-7-e@80x24.org/raw

Actions #2

Updated by Anonymous over 6 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r61397.


webrick: httpauth requires regular files

Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.

  • lib/webrick/httpauth/htdigest.rb: use File.open
  • lib/webrick/httpauth/htgroup.rb: ditto
  • lib/webrick/httpauth/htpasswd.rb: ditto
    [Misc #14216]
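
Added illustration, not code from WEBrick or from the changeset above: a hypothetical `FlatUserFile` loader that reloads on mtime change, showing that File.open treats a name starting with "|" as a literal path and that non-regular files can be refused after the open. The class name, the `user:hash` format and the sample data are constructed for this example.

```ruby
require "tmpdir"

# Hypothetical loader (not WEBrick's class): reads "user:hash" lines and
# re-reads the file only when its mtime has changed.
class FlatUserFile
  attr_reader :entries

  def initialize(path)
    @path, @mtime, @entries = path, Time.at(0), {}
    reload
  end

  # Returns true when the file was re-read, false when it was unchanged.
  def reload
    # File.open never interprets a leading "|" as a command; the string is
    # always a filesystem path. NONBLOCK keeps a FIFO from blocking the open.
    File.open(@path, File::RDONLY | File::NONBLOCK) do |io|
      st = io.stat # fstat on the descriptor we hold, so no check/use race
      raise ArgumentError, "#{@path}: not a regular file" unless st.file?
      return false if st.mtime == @mtime
      @entries = io.each_line.map { |l| l.chomp.split(":", 2) }
                   .select { |pair| pair.size == 2 }.to_h
      @mtime = st.mtime
      true
    end
  end
end

# Runs the block and returns its value, or the class of the error it raised.
def outcome
  yield
rescue SystemCallError, ArgumentError => e
  e.class
end

# Constructed sample run inside a scratch directory.
def demo
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      File.write("users", "alice:x1\nbob:x2\n")
      db = FlatUserFile.new("users")
      piped = outcome { FlatUserFile.new("|echo mallory:x3") } # literal name
      not_regular = outcome { FlatUserFile.new(dir) }          # a directory
      [db.entries, db.reload, piped, not_regular]
    end
  end
end
```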