Fix invalid byte sequence

0cc8e021 · Patrick Derichs · 4d477238 · 0cc8e021 · 0cc8e021 · 0cc8e021
Commit 0cc8e021 authored 5 years ago by Patrick Derichs
--- a/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml
+++ b/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml
+---
+title: Fix 500 error caused by invalid byte sequences in links
+merge_request:
+author:
+type: security
--- a/lib/banzai/filter/relative_link_filter.rb
+++ b/lib/banzai/filter/relative_link_filter.rb
@@ -172,7 +172,7 @@ module Banzai
      end
  
      def cleaned_file_path(uri)
-        Addressable::URI.unescape(uri.path).delete("\0").chomp("/")
+        Addressable::URI.unescape(uri.path).scrub.delete("\0").chomp("/")
      end
  
      def relative_file_path(uri)

--- a/spec/lib/banzai/filter/relative_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb
@@ -119,6 +119,11 @@ describe Banzai::Filter::RelativeLinkFilter do
    expect { filter(act) }.not_to raise_error
  end
  
+  it 'does not raise an exception on URIs containing invalid utf-8 byte sequences' do
+    act = link("%FF")
+    expect { filter(act) }.not_to raise_error
+  end
+
  it 'does not raise an exception with a garbled path' do
    act = link("open(/var/tmp/):%20/location%0Afrom:%20/test")
    expect { filter(act) }.not_to raise_error