authorPatrik Ragnarsson <patrik@starkast.net>2023-04-25 03:41:12 +0200
committerGitHub <noreply@github.com>2023-04-25 13:41:12 +1200
commitccd445d7de85c4d5771e860add87104258b16f01 (patch)
tree803ea902b876fa4400d5ca5496ef4ab71fc0b11e
parentf5666bc8cb13b8d731ea0222fbd3ada670f2cd55 (diff)
downloadrack-ccd445d7de85c4d5771e860add87104258b16f01.tar.gz
Limit file extension length of multipart tempfiles (#2069)
- Fixes #1968
-rw-r--r--lib/rack/multipart/parser.rb4
-rw-r--r--test/spec_multipart.rb22
2 files changed, 25 insertions, 1 deletions
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
index c856b68b..cb33292e 100644
--- a/lib/rack/multipart/parser.rb
+++ b/lib/rack/multipart/parser.rb
@@ -59,7 +59,9 @@ module Rack
BUFSIZE = 1_048_576
TEXT_PLAIN = "text/plain"
TEMPFILE_FACTORY = lambda { |filename, content_type|
- Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))])
+ extension = ::File.extname(filename.gsub("\0", '%00'))[0, 129]
+
+ Tempfile.new(["RackMultipart", extension])
}
class BoundedIO # :nodoc:
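Review bot: The slice bound `129` on the new `extension = ...[0, 129]` line is a magic number, and nothing in the code says that it is the leading dot plus the 128 characters the new test asserts with `.#{'a' * 128}`; a named constant keeps the two in step, e.g. `TEMPFILE_EXTENSION_LIMIT = 129 # leading dot plus at most 128 characters` next to BUFSIZE and `extension = ::File.extname(filename.gsub("\0", '%00'))[0, TEMPFILE_EXTENSION_LIMIT]`. Note also that `String#[]` with a start and length counts characters, not bytes, so if the parsed filename can carry multibyte characters the tempfile name may still exceed a filesystem's byte limit on name length, which is presumably the failure #1968 reports (the issue text is not on this page). If that is the case, `byteslice(0, 129)` followed by `scrub` bounds the byte length without leaving a torn character. The lambda is complete within the hunk, but the enclosing class begins outside it (only `module Rack` is visible in the hunk header).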
diff --git a/test/spec_multipart.rb b/test/spec_multipart.rb
index 48d03e43..d5ebe717 100644
--- a/test/spec_multipart.rb
+++ b/test/spec_multipart.rb
@@ -780,6 +780,28 @@ contents\r
params["file"][:filename].must_equal 'long' * 100
end
+ it "limits very long file name extensions in multipart tempfiles" do
+ data = <<-EOF
+--AaB03x\r
+content-type: text/plain\r
+content-disposition: attachment; name=file; filename=foo.#{'a' * 1000}\r
+\r
+contents\r
+--AaB03x--\r
+ EOF
+
+ options = {
+ "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+ "CONTENT_LENGTH" => data.length.to_s,
+ :input => StringIO.new(data)
+ }
+ env = Rack::MockRequest.env_for("/", options)
+ params = Rack::Multipart.parse_multipart(env)
+
+ params["file"][:filename].must_equal "foo.#{'a' * 1000}"
+ File.extname(env["rack.tempfiles"][0]).must_equal ".#{'a' * 128}"
+ end
+
it "parse unquoted parameter values at end of line" do
data = <<-EOF
--AaB03x\r