diff --git a/libexec/rbenv-version-file-read b/libexec/rbenv-version-file-read
index 2f04696..c94404c 100755
--- a/libexec/rbenv-version-file-read
+++ b/libexec/rbenv-version-file-read
@@ -11,7 +11,9 @@ if [ -e "$VERSION_FILE" ]; then
 words=( $(cut -b 1-1024 "$VERSION_FILE") )
 version="${words[0]}"
- if [ -n "$version" ]; then
+ if [ "$version" = ".." ] || [[ $version == */* ]]; then
+ echo "rbenv: invalid version in \`$VERSION_FILE'" >&2
+ elif [ -n "$version" ]; then
 echo "$version"
 exit
 fi
diff --git a/test/version-file-read.bats b/test/version-file-read.bats
index bf7bf91..9dc6232 100644
--- a/test/version-file-read.bats
+++ b/test/version-file-read.bats
@@ -70,3 +70,19 @@ IN
 run rbenv-version-file-read my-version
 assert_success "1.9.3"
 }
+
+@test "prevents directory traversal" {
+ cat > my-version <<<".."
+ run rbenv-version-file-read my-version
+ assert_failure "rbenv: invalid version in \`my-version'"
+ cat > my-version <<<"../foo"
+ run rbenv-version-file-read my-version
+ assert_failure "rbenv: invalid version in \`my-version'"
+}
+
+@test "disallows path segments in version string" {
+ cat > my-version <<<"foo/bar"
+ run rbenv-version-file-read my-version
+ assert_failure "rbenv: invalid version in \`my-version'"
+}
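Review bot: The new rejection branch (`+ echo "rbenv: invalid version in \`$VERSION_FILE'" >&2`) reports the problem but does not terminate, so control falls through the inner `fi` to whatever follows the outer `if [ -e "$VERSION_FILE" ]`, which ends outside this hunk; the non-zero exit the new bats tests assert therefore depends on code not visible here. Making the rejection self-contained is a one-line addition after the echo: `exit 1`. Separately, `$version` is taken from the unquoted `words=( $(cut -b 1-1024 "$VERSION_FILE") )` context line, which word-splits and (unless `set -f` is in effect elsewhere in the script) glob-expands the file contents against the current directory, so the value reaching the new check may not be what the file literally contains; reading the first line with `IFS= read -r` would remove that ambiguity. The condition also lets a bare `.` through, which may be acceptable, but if the intent is to reject anything that is not a plain version name it is cheap to add `[ "$version" = "." ]` to the same test.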