author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-12-17 07:03:57 +0000 |
---|---|---|
committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-12-17 07:03:57 +0000 |
commit | 1e8c6e2ba4eb4305a756f650248283ecad4f36cb (patch) | |
tree | c039ee1a23b5b8fa6de191bfdc3476578f37407a | |
parent | 3f07e548fc8b1247824a008c970fcbcf10116a93 (diff) | |
download | ruby-1e8c6e2ba4eb4305a756f650248283ecad4f36cb.tar.gz |
* lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
header fields should be read with maximum length. [ruby-talk:231745]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | lib/webrick/cgi.rb | 4 | ||||
-rw-r--r-- | lib/webrick/httprequest.rb | 13 | ||||
-rw-r--r-- | test/webrick/test_httprequest.rb | 10 |
4 files changed, 29 insertions, 11 deletions
@@ -1,3 +1,8 @@ +Mon Dec 17 16:02:30 2007 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or + header fields shold be read with maximum length. [ruby-talk:231745] + Mon Dec 17 14:03:39 2007 Tanaka Akira <akr@fsij.org> * include/ruby/encoding.h (ENC_CODERANGE_VALID): rename from @@ -25,7 +30,7 @@ Mon Dec 17 11:38:59 2007 Tanaka Akira <akr@fsij.org> Sun Dec 16 17:07:35 2007 Martin Duerst <duerst@it.aoyama.ac.jp> - * transcode.c (transcode_loop): removed special case (-1) + * transcode.c (transcode_loop): removed special case (-1) for undefined conversions. * transcode_data_iso_8859.c: Changed from character constants @@ -132,10 +137,10 @@ Fri Dec 14 16:06:18 2007 Yukihiro Matsumoto <matz@ruby-lang.org> Fri Dec 14 15:25:30 2007 Martin Duerst <duerst@it.aoyama.ac.jp> - * transcode.c (encoding_equal): new function. + * transcode.c (encoding_equal): new function. * transcode.c (str_transcode, transcode_dispatch): added two-step - conversion logic via UTF-8. + conversion logic via UTF-8. * trancode.c: some minor formatting fixes @@ -1903,7 +1908,7 @@ Thu Nov 8 17:09:55 2007 David Flanagan <davidflanagan@ruby-lang.org> Thu Nov 8 15:13:56 2007 David Flanagan <davidflanagan@ruby-lang.org> * parse.y: fix segfault with \x escapes in regexps - delete unused #if 0 code regions from previous patch + delete unused #if 0 code regions from previous patch Thu Nov 8 12:12:10 2007 NAKAMURA Usaku <usa@ruby-lang.org> diff --git a/lib/webrick/cgi.rb b/lib/webrick/cgi.rb index ff140ca84e..8e43ac570e 100644 --- a/lib/webrick/cgi.rb +++ b/lib/webrick/cgi.rb @@ -196,8 +196,8 @@ module WEBrick [nil, @server_port, @server_name, @server_addr] end - def gets(eol=LF) - input.gets(eol) + def gets(eol=LF, size=nil) + input.gets(eol, size) end def read(size=nil) diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb index 2dca0655d6..430054bb29 100644 --- a/lib/webrick/httprequest.rb +++ b/lib/webrick/httprequest.rb 
@@ -219,7 +219,10 @@ module WEBrick private def read_request_line(socket) - @request_line = read_line(socket) if socket + @request_line = read_line(socket, 1024) if socket + if @request_line.size >= 1024 and @request_line[-1, 1] != LF + raise HTTPStatus::RequestURITooLarge + end @request_time = Time.now raise HTTPStatus::EOFError unless @request_line if /^(\S+)\s+(\S+)(?:\s+HTTP\/(\d+\.\d+))?\r?\n/mo =~ @request_line @@ -317,10 +320,10 @@ module WEBrick @remaining_size = 0 end - def _read_data(io, method, arg) + def _read_data(io, method, *arg) begin WEBrick::Utils.timeout(@config[:RequestTimeout]){ - return io.__send__(method, arg) + return io.__send__(method, *arg) } rescue Errno::ECONNRESET return nil @@ -329,8 +332,8 @@ module WEBrick end end - def read_line(io) - _read_data(io, :gets, LF) + def read_line(io, size=4096) + _read_data(io, :gets, LF, size) end def read_data(io, size) diff --git a/test/webrick/test_httprequest.rb b/test/webrick/test_httprequest.rb index f0cd1a092a..f2fd887873 100644 --- a/test/webrick/test_httprequest.rb +++ b/test/webrick/test_httprequest.rb @@ -56,6 +56,16 @@ class TestWEBrickHTTPRequest < Test::Unit::TestCase assert(req.query.empty?) end + def test_request_uri_too_large + msg = <<-_end_of_message_ + GET /#{"a"*1024} HTTP/1.1 + _end_of_message_ + req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP) + assert_raises(WEBrick::HTTPStatus::RequestURITooLarge){ + req.parse(StringIO.new(msg.gsub(/^ {6}/, ""))) + } + end + def test_parse_headers msg = <<-_end_of_message_ GET /path HTTP/1.1 |
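Review bot: In read_request_line the new length check calls `@request_line.size` before the existing `raise HTTPStatus::EOFError unless @request_line` guard, so when `socket` is nil or read_line returns nil (the `_read_data` context further down returns nil on `Errno::ECONNRESET`, and gets presumably returns nil at EOF) the method would fail with NoMethodError instead of EOFError. Moving that guard directly after the read, ahead of `if @request_line.size >= 1024 and @request_line[-1, 1] != LF`, keeps the EOF path intact. The limit is also written twice as the literal 1024; a named constant would keep the read size and the comparison from drifting apart. If the limit passed to gets counts bytes while `size` counts characters on this Ruby version, a multibyte request line could be truncated without tripping the check, so comparing `bytesize` may be safer; this needs confirming. The method body continues past the hunk.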
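Review bot: `read_line` now returns at most `size` bytes, so a line longer than the 4096 default comes back as a chunk without a trailing LF, and in this diff only read_request_line checks for that. The callers that read header fields are outside the hunk, but if they call read_line without a similar check, an over-long header line would be consumed in pieces rather than rejected, and neither the number of lines nor their total size appears to be bounded here. A comment on read_line such as `# returns at most size bytes; the result may lack a trailing LF when the line is longer` would make the contract explicit, and the header loop could then reject any chunk that does not end in LF.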
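Review bot: test_request_uri_too_large exercises only a request line far past the limit, so the boundary and the empty-input path stay untested. A pair of cases at the edge (a request line of exactly 1024 bytes ending in LF should parse, one byte more should raise RequestURITooLarge) would pin the `>= 1024` comparison. A further case asserting that `req.parse(StringIO.new(""))` raises `WEBrick::HTTPStatus::EOFError` would cover the path where the read returns nil.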