Commit 327f179a authored by Mario de la Ossa's avatar Mario de la Ossa Committed by Mario de la Ossa

Fix DOS when rendering issue/MR comments

parent e3eeb779
---
title: Fix Denial of Service for comments when rendering issues/MR comments
merge_request:
author:
type: security
...@@ -100,7 +100,7 @@ module Banzai ...@@ -100,7 +100,7 @@ module Banzai
end end
def relative_file_path(uri) def relative_file_path(uri)
path = Addressable::URI.unescape(uri.path) path = Addressable::URI.unescape(uri.path).delete("\0")
request_path = Addressable::URI.unescape(context[:requested_path]) request_path = Addressable::URI.unescape(context[:requested_path])
nested_path = build_relative_path(path, request_path) nested_path = build_relative_path(path, request_path)
file_exists?(nested_path) ? nested_path : path file_exists?(nested_path) ? nested_path : path
......
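Review bot: The NUL strip added to the `path =` line is not mirrored on the line below it, where `context[:requested_path]` goes through the same `Addressable::URI.unescape` and then into the same `build_relative_path` and `file_exists?` calls, so a `%00` arriving there would presumably trigger the same failure. Unless `requested_path` is known to be server-normalised before it reaches the filter, the consistent fix is `request_path = Addressable::URI.unescape(context[:requested_path]).delete("\0")`. Silently deleting the byte also means a link to `/a%00b` is looked up as `/ab` and may resolve to a real file; treating a path containing NUL as invalid and skipping the `file_exists?` lookup would be the stricter choice, though the hunk does not show what callers expect back. Either way the new call deserves a why-comment, e.g. `# drop NUL bytes (%00): they appear to make the repository lookup in file_exists? raise`. The method's closing `end` lies outside the hunk.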
...@@ -83,6 +83,11 @@ describe Banzai::Filter::RelativeLinkFilter do ...@@ -83,6 +83,11 @@ describe Banzai::Filter::RelativeLinkFilter do
expect { filter(act) }.not_to raise_error expect { filter(act) }.not_to raise_error
end end
it 'does not explode with an escaped null byte' do
act = link("/%00")
expect { filter(act) }.not_to raise_error
end
it 'does not raise an exception with a space in the path' do it 'does not raise an exception with a space in the path' do
act = link("/uploads/d18213acd3732630991986120e167e3d/Landscape_8.jpg \nBut here's some more unexpected text :smile:)") act = link("/uploads/d18213acd3732630991986120e167e3d/Landscape_8.jpg \nBut here's some more unexpected text :smile:)")
expect { filter(act) }.not_to raise_error expect { filter(act) }.not_to raise_error
......
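Review bot: The new example `does not explode with an escaped null byte` only asserts that `filter` does not raise, so it would also pass if the filter started returning an empty or mangled link; asserting the resulting `href` as well would pin the intended behaviour. It also covers only a leading `%00`; a NUL inside an existing upload path, e.g. `link("/uploads/%00Landscape_8.jpg")`, and a raw unescaped `"\0"` in the path would exercise the new `delete("\0")` more directly, since `Addressable::URI.unescape` is only one of the ways the byte can arrive. The `describe` block this hunk sits in starts and ends outside the hunk.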