Package: rails / 2:4.1.8-1+deb8u4

CVE-2016-0751.patch Patch series | download
From 5756321cd9e3ca12cb2b8402704c6680b4d7ca2a Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Mon, 11 Jan 2016 14:36:49 -0800
Subject: [PATCH] stop caching mime types globally

Unknown mime types should not be cached globally.  This global cache
leads to a memory leak and a denial of service vulnerability.

CVE-2016-0751
---
 actionpack/lib/action_dispatch/http/mime_type.rb | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/actionpack/lib/action_dispatch/http/mime_type.rb b/actionpack/lib/action_dispatch/http/mime_type.rb
index 9450be8..fc986f9 100644
--- a/actionpack/lib/action_dispatch/http/mime_type.rb
+++ b/actionpack/lib/action_dispatch/http/mime_type.rb
@@ -23,7 +23,7 @@ module Mime
 
   SET              = Mimes.new
   EXTENSION_LOOKUP = {}
-  LOOKUP           = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
+  LOOKUP           = {}
 
   class << self
     def [](type)
@@ -146,7 +146,7 @@ module Mime
       end
 
       def lookup(string)
-        LOOKUP[string]
+        LOOKUP[string] || Type.new(string)
       end
 
       def lookup_by_extension(extension)
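Review bot: The new `lookup` body drops the `unless k.blank?` guard that the removed `LOOKUP` default block carried, so a nil or empty string now yields a `Mime::Type` wrapping a blank value where the old code returned nil. Callers outside this hunk that test the result for nil or filter it with `.compact` would presumably behave differently on an empty Accept or Content-Type value. If the nil contract is meant to stay, `LOOKUP[string] || (Type.new(string) unless string.blank?)` keeps it while still storing nothing in the global table. A comment above the method would also help, e.g. `# Unknown types are built per call and never stored in LOOKUP, so request-supplied strings cannot grow it (CVE-2016-0751)`.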
@@ -225,9 +225,12 @@ module Mime
       end
     end
 
+    attr_reader :hash
+
     def initialize(string, symbol = nil, synonyms = [])
       @symbol, @synonyms = symbol, synonyms
       @string = string
+      @hash = [@string, @synonyms, @symbol].hash
     end
 
     def to_s
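Review bot: `@hash` is computed once in `initialize` from `@string`, `@synonyms` and `@symbol`, but `synonyms` is stored by reference and neither it nor `string` is frozen, so a later in-place mutation would leave the cached hash out of step with the `eql?` added in the next hunk. Nothing visible in this patch mutates them, so this may be safe in practice, but the assumption deserves a comment such as `# hash is precomputed; @string and @synonyms must not be mutated after construction`. A line above `attr_reader :hash` should also explain why value-based `hash`/`eql?` are needed: unknown types are no longer interned in `LOOKUP`, so two lookups of the same string return distinct objects. The class body starts and ends outside the hunk.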
@@ -261,6 +264,13 @@ module Mime
       end
     end
 
+    def eql?(other)
+      super || (self.class == other.class &&
+                @string    == other.string &&
+                @synonyms  == other.synonyms &&
+                @symbol    == other.symbol)
+    end
+
     def =~(mime_type)
       return false if mime_type.blank?
       regexp = Regexp.new(Regexp.quote(mime_type.to_s))
@@ -274,6 +284,10 @@ module Mime
     end
 
 
+    protected
+
+    attr_reader :string, :synonyms
+
     private
 
     def to_ary; end
-- 
2.2.1