From 3c992ca764b7970cc27b13fb629bc8cb16f0f920 Mon Sep 17 00:00:00 2001
From: Elad Meidar <elad@eizesus.com>
Date: Sat, 26 Sep 2009 19:50:07 -0400
Subject: [PATCH] lh3238 - ported existing patch to master, prevent arbitrary_key_selection

---
 .../middleware/session/mem_cache_store.rb          |   11 ++++++++++-
 .../test/dispatch/session/mem_cache_store_test.rb  |    9 +++++++++
 2 files changed, 19 insertions(+), 1 deletions(-)

diff --git a/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
index be1d5a4..c81ef46 100644
--- a/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
@@ -25,7 +25,7 @@ module ActionDispatch
 
       private
         def get_session(env, sid)
-          sid ||= generate_sid
+          sid = @pool.get(sid) && sid || generate_sid
           begin
             session = @pool.get(sid) || {}
           rescue MemCache::MemCacheError, Errno::ECONNREFUSED
@@ -42,6 +42,15 @@ module ActionDispatch
         rescue MemCache::MemCacheError, Errno::ECONNREFUSED
           return false
         end
+        
+        # Don't overwrite an existing session
+        def generate_sid
+          sid = nil
+          until sid && !@pool.get(sid)
+            sid = super
+          end
+          sid
+        end
     end
   end
 end
diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb
index d7129da..f54cd2d 100644
--- a/actionpack/test/dispatch/session/mem_cache_store_test.rb
+++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb
@@ -100,6 +100,15 @@ class MemCacheStoreTest < ActionController::IntegrationTest
         assert_equal nil, cookies['_session_id']
       end
     end
+    
+    def test_prevents_arbitrary_key_selection
+      with_test_route_set do
+        my_arbitrary_key = ActiveSupport::SecureRandom.hex(16) + "_whatever_I_want"
+        get '/set_session_value', nil, "HTTP_COOKIE" => "_session_id=#{my_arbitrary_key}"
+        assert_response :success
+        assert_not_equal my_arbitrary_key, cookies['_session_id']
+      end
+    end
   rescue LoadError, RuntimeError
     $stderr.puts "Skipping MemCacheStoreTest tests. Start memcached and try again."
   end
-- 
1.6.0.2