Collaborate Disseminate
I work for a healthcare company that emphasizes security, due to the sensitivity of the data that we work with. Recently, we’ve been doing a lot of auditing (internal and external) of our current “stack” to ensure that we’re … Continue reading Plain text Rails environment variables and security
The following code is part of a program that is spawned at every request by the nginx’s ruby on rails script :
static void time_t_to_dos_time(time_t user_supplied_time_t, int *dos_date, int *dos_time)
{
struct tm *t = localtime(&user_supplied_time_t);
*dos_time = t->tm_sec / 2 + t->tm_min * 32 + t->tm_hour * 2048;
*dos_date = t->tm_mday + (t->tm_mon + 1) * 32 +
(t->tm_year + 1900 - 1980) * 512;
}
localtimereturns 0 if the value is too large to fit in astruct tm. So when the program tries to readt->tm_sec, it will attempt to read memory address 0.
In that case, the program immediately raisesSIGSEGVand the server returns :
HTTP/1.1 502 Bad Gateway
Content-Length: 13
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security: max-age=31536000
Vary: Authorization,Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Date: Tue, 28 Jun 2016 12:59:10 GMT
502: Failure
It appears to me to be a simple bug without any security concerns at all as the program is designed to only run on that website.
Would this be correct ?
I’ve started using Ruby on Rails, and I was wondering if there were any security gotchas to watch out for with Rails, particularly regarding code injection and XSS?
I know Rails tries to prevent such attacks by sanitizing … Continue reading Rails – protection against code injection and XSS
I’ve started using Ruby on Rails, and I was wondering if there were any security gotchas to watch out for with Rails, particularly regarding code injection and XSS?
I know Rails tries to prevent such attacks by sanitizing … Continue reading Rails – protection against code injection and XSS