From 0e5694f4d32544532d2301a9b4084eacb6986e94 Mon Sep 17 00:00:00 2001
|
|
From: John Hawthorn <john@hawthorn.email>
|
|
Date: Fri, 11 Oct 2024 00:34:14 -0700
|
|
Subject: [PATCH] Avoid backtracking in ActionMailer block_format
|
|
|
|
[CVE-2024-47889]
|
|
|
|
Thanks to yuki_osaki and scyoon for reporting this vulnerability
|
|
---
|
|
actionmailer/lib/action_mailer/mail_helper.rb | 14 +++++++++++---
|
|
actionmailer/test/mail_helper_test.rb | 12 ++++++++++++
|
|
2 files changed, 23 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/actionmailer/lib/action_mailer/mail_helper.rb b/actionmailer/lib/action_mailer/mail_helper.rb
|
|
index e7bed41f8d294..f527d5a59ebf5 100644
|
|
--- a/actionmailer/lib/action_mailer/mail_helper.rb
|
|
+++ b/actionmailer/lib/action_mailer/mail_helper.rb
|
|
@@ -23,10 +23,18 @@ def block_format(text)
|
|
}.join("\n\n")
|
|
|
|
# Make list points stand on their own line
|
|
- formatted.gsub!(/[ ]*([*]+) ([^*]*)/) { " #{$1} #{$2.strip}\n" }
|
|
- formatted.gsub!(/[ ]*([#]+) ([^#]*)/) { " #{$1} #{$2.strip}\n" }
|
|
+ output = +""
|
|
+ splits = formatted.split(/(\*+|\#+)/)
|
|
+ while line = splits.shift
|
|
+ if line.start_with?("*", "#") && splits[0].start_with?(" ")
|
|
+ output.chomp!(" ") while output.end_with?(" ")
|
|
+ output << " #{line} #{splits.shift.strip}\n"
|
|
+ else
|
|
+ output << line
|
|
+ end
|
|
+ end
|
|
|
|
- formatted
|
|
+ output
|
|
end
|
|
|
|
# Access the mailer instance.
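Review bot: `splits[0].start_with?(" ")` on the new `if` line raises NoMethodError when a run of `*` or `#` is the last thing in the text, because `String#split` drops trailing empty strings, so `splits[0]` is `nil` once the final separator has been shifted (e.g. `"item *".split(/(\*+|\#+)/)` gives `["item ", "*"]`). This helper formats mail body text that may well be user-supplied, so an unrescued exception here turns a stray trailing marker into a failed render rather than a cosmetic glitch. Safe navigation lets a trailing marker fall through to the `else` branch and be emitted verbatim: `if line.start_with?("*", "#") && splits[0]&.start_with?(" ")`. A case with a trailing `*` or `#` next to the new backtracking test would pin this. `block_format` begins before this hunk; its `def` line is not shown.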
|