Merge pull request #1156 from rbenv/no-dir-traversal

Disallow path segments and directory traversal in `.ruby-version` files

libexec/rbenv-version-file-read

@@ -11,7 +11,9 @@ if [ -e "$VERSION_FILE" ]; then
   words=( $(cut -b 1-1024 "$VERSION_FILE") )
   version="${words[0]}"
 
-  if [ -n "$version" ]; then
+  if [ "$version" = ".." ] || [[ $version == */* ]]; then
+    echo "rbenv: invalid version in \`$VERSION_FILE'" >&2
+  elif [ -n "$version" ]; then
     echo "$version"
     exit
   fi

test/version-file-read.bats

@@ -70,3 +70,19 @@ IN
   run rbenv-version-file-read my-version
   assert_success "1.9.3"
 }
+
+@test "prevents directory traversal" {
+  cat > my-version <<<".."
+  run rbenv-version-file-read my-version
+  assert_failure "rbenv: invalid version in \`my-version'"
+
+  cat > my-version <<<"../foo"
+  run rbenv-version-file-read my-version
+  assert_failure "rbenv: invalid version in \`my-version'"
+}
+
+@test "disallows path segments in version string" {
+  cat > my-version <<<"foo/bar"
+  run rbenv-version-file-read my-version
+  assert_failure "rbenv: invalid version in \`my-version'"
+}