Unintentional file creation caused by inserting a illegal NUL character

Unintentional file creation caused by inserting an illegal NUL character (CVE-2012-4522)

Unintentional file creation caused by inserting a illegal NUL character A vulnerability was found that file creation routines can create unintended files by strategically inserting NUL(s) in file paths. Details Ruby can handle arbitrary binary patterns as Strings, including NUL chars. On the other hand OSes and other libraries tend not. They usually treat a NUL as an End of String mark. So to interface them with Ruby, NUL chars should properly be avoided. However methods like IO#open did not check the filename passed to them, and just passed those strings to lower layer routines. This led to create unintentional files like this: p File.exists?("foo") #=> false open("foo\0bar", "w") { |f| f.puts "hai" } p File.exists?("foo") #=> true p File.exists?("foo\0bar") #=> raises ArgumentError Affected versions All Ruby 1.9.3 prior tp patchlevel 286 All development branches of Ruby ...

Full article: http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-...