Bug #3337


MS-DOS device names are identified as readable_real

Added by hdm (HD Moore) almost 13 years ago. Updated over 5 years ago.

Target version:
ruby -v:
ruby 1.9.3dev (2010-05-21 trunk 27931) [i386-mingw32]


Special MS-DOS filenames return true from a call to File.readable_real? and File.file?. This exposes certain popular projects to a denial of service on the Windows platform.

irb(main):007:0> File.readable_real?("AUX")
=> true

Modifying File.file? and File.readable_real? to return false for MS-DOS device names will allow standard tests for static files to avoid MS-DOS names. The regular express below can be used to match against known MS-DOS names and should be inclusive, however a second set of eyes would be great.


If you need information on the specific projects affected by this bug, please contact me via email

Actions #1

Updated by coatl (caleb clausen) almost 13 years ago

I'm not certain that the above list is complete. Among other things, windows allows programs to define their own ms-dos device names using DefineDosDevice. It might be better (at least on windows) to query the system for the list of currently defined device names.

It appears that windows ce allows device names which begin with $device or $bus.

Also, I'm puzzled by the fact that you require a / at the beginning of the device name, and allow . or / at the end. Microsoft's documentation only mentions allowing a : at the end.

I think this might be a better regexp to use (wince devices still not checked here, tho):


relevant pages on MSDN:

INFO: Understanding Device Names and Symbolic Links

Defining an MS-DOS Device Name

DefineDosDevice Function

Device File Names (for windows ce)

QueryDosDevice Function (can return a list of known devices???)

Actions #2

Updated by mame (Yusuke Endoh) almost 13 years ago

  • Assignee set to usa (Usaku NAKAMURA)
  • Priority changed from Normal to 3
  • Target version set to 2.0.0


According to Usaku, it is difficult to fix this issue.
According to Usaku, QueryDosDevice cannot be used. It determines
some device files (such as CON) as normal file.

At least, we won't fix this issue in 1.9.2 release.
I change the target to 1.9.x and priority to Low.

Blame windows!

Yusuke Endoh

Actions #3

Updated by hdm (HD Moore) almost 13 years ago

Responding to Caleb: the regex is being used to monkeypatch an application server, the leading / is because the regex is matching an incoming request, not the raw filename, and I should have clarified in the initial report.

It does seem a sticky problem to solve, but it may be possible to combine the known-bad blacklist with QueryDosDevice (.ex: CON will always be a console). I am not sure how frequently DefineDosDevice is actually used, so just filtering a known blacklist may go a long way in the short term.

Actions #4

Updated by usa (Usaku NAKAMURA) almost 13 years ago

  • Status changed from Open to Assigned

Updated by usa (Usaku NAKAMURA) over 10 years ago

  • Description updated (diff)
  • Target version changed from 2.0.0 to 2.6

Updated by usa (Usaku NAKAMURA) over 5 years ago

  • Assignee changed from usa (Usaku NAKAMURA) to windows

Updated by nobu (Nobuyoshi Nakada) over 5 years ago

  • Description updated (diff)
  • Status changed from Assigned to Closed

Seems already fixed in 2.0.0.


Also available in: Atom PDF