On Wed, Mar 27, 2013 at 7:51 PM, Preth H. <lists / ruby-forum.com> wrote:
> Robert Klemme wrote in post #1103402:
>> On Wed, Mar 27, 2013 at 6:53 PM, Preth H. <lists / ruby-forum.com> wrote:
>>> this is a bug in ruby *1.9.3p194* version.
>>>
>>> The weirdest thing is that I've tested in older versions
>>> (ruby-1.9.2-p320) getting a right outcome from my point of view [
>>> ArgumentError (string contains null byte) ] but this one particularly
>>> build skip that exception..
>>>
>>> So my question should be.. Is there any particular reason why in version
>>> of ruby *1.9.3p194* the "string contains null byte" exception is not
>>> deployed?
>>
>> Maybe because there are no null bytes in your example?
>>
>> irb(main):012:0> file="../../../../../etc/passwd\c0000"
>> => "../../../../../etc/passwd\u0010000"
>> irb(main):013:0> file.chars.to_a
>> => [".", ".", "/", ".", ".", "/", ".", ".", "/", ".", ".", "/", ".",
>> ".", "/", "e", "t", "c", "/", "p", "a", "s", "s", "w", "d", "\u0010",
>> "0", "0", "0"]
>> irb(main):014:0> file.chars.each {|c| p c}
>> "."
>> "."
>> "/"
>> "."
>> "."
>> "/"
>> "."
>> "."
>> "/"
>> "."
>> "."
>> "/"
>> "."
>> "."
>> "/"
>> "e"
>> "t"
>> "c"
>> "/"
>> "p"
>> "a"
>> "s"
>> "s"
>> "w"
>> "d"
>> "\u0010"
>> "0"
>> "0"
>> "0"
>> => "../../../../../etc/passwd\u0010000"
>>
>> Even if there were, this seems completely legal:
>>
>> irb(main):015:0> s="a\0b"
>> => "a\u0000b"
>> irb(main):016:0> s.length
>> => 3
>> irb(main):017:0> s.bytesize
>> => 3
>> irb(main):018:0> s.chars.to_a
>> => ["a", "\u0000", "b"]
>>
>> But maybe I'm not getting what your issue is.
>>
>> Kind regards
>>
>> robert
>
>
> thanks about the note.. try it with "\0"
>
>
> $ruby -v
> ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-darwin12.0.0]
> $ irb
> 1.9.3-p194-perf :003 > file="../../../../../etc/passwd\0"
>  => "../../../../../etc/passwd\u0000"
> 1.9.3-p194-perf :004 > @data= File.read('public/'+file+'.txt')
>  => "##\n# User Database\n# \n# Note that this file is consulted
> directly only when the system is running\n# in single-user mode.  At
> other times this information is provided by\n# Open Directory.\n#\n# See
> the opendirectoryd(8) man page for additional information about\n# Open
> Directory.\n##\nnobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin
> "........

p194 is not the newest one.  Maybe that version has a bug?

$ echo 111 >a
$ echo 222 >a.txt
$ ruby -e 'p File.read("a\0.txt")'
-e:1:in `read': string contains null byte (ArgumentError)
        from -e:1:in `<main>'
$ ruby -v
ruby 1.9.3p385 (2013-02-06 revision 39114) [i386-cygwin]

Cheers

robert


-- 
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/