ruby-changes:58062
From: nagachika <ko1@a...>
Date: Tue, 1 Oct 2019 19:57:02 +0900 (JST)
Subject: [ruby-changes:58062] 1443dfd7c3 (ruby_2_6): merge revision(s) 36e057e26ef2104bc2349799d6c52d22bb1c7d03:
https://git.ruby-lang.org/ruby.git/commit/?id=1443dfd7c3 From 1443dfd7c30fc9847d8316bc522ff32da5fb6fc1 Mon Sep 17 00:00:00 2001 From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Tue, 1 Oct 2019 10:56:49 +0000 Subject: merge revision(s) 36e057e26ef2104bc2349799d6c52d22bb1c7d03: Loop with String#scan without creating substrings Create the substrings necessary parts only, instead of cutting the rest of the buffer. Also removed a useless, probable typo, regexp. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb index 6416a40..3cf1289 100644 --- a/lib/webrick/httpauth/digestauth.rb +++ b/lib/webrick/httpauth/digestauth.rb @@ -290,23 +290,8 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httpauth/digestauth.rb#L290 def split_param_value(string) ret = {} - while string.bytesize != 0 - case string - when /^\s*([\w\-\.\*\%\!]+)=\s*\"((\\.|[^\"])*)\"\s*,?/ - key = $1 - matched = $2 - string = $' - ret[key] = matched.gsub(/\\(.)/, "\\1") - when /^\s*([\w\-\.\*\%\!]+)=\s*([^,\"]*),?/ - key = $1 - matched = $2 - string = $' - ret[key] = matched.clone - when /^s*^,/ - string = $' - else - break - end + string.scan(/\G\s*([\w\-.*%!]+)=\s*(?:\"((?>\\.|[^\"])*)\"|([^,\"]*))\s*,?/) do + ret[$1] = $3 || $2.gsub(/\\(.)/, "\\1") end ret end diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb index 0b2ba4b..3bdba62 100644 --- a/test/webrick/test_httpauth.rb +++ b/test/webrick/test_httpauth.rb @@ -307,6 +307,28 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/webrick/test_httpauth.rb#L307 } end + def test_digest_auth_invalid + digest_auth = WEBrick::HTTPAuth::DigestAuth.new(Realm: 'realm', UserDB: '') + + def digest_auth.error(fmt, *) + end + + def digest_auth.try_bad_request(len) + request = {"Authorization" => %[Digest a="#{'\b'*len}]} + authenticate request, nil + end + + bad_request = WEBrick::HTTPStatus::BadRequest + t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC) + assert_raise(bad_request) {digest_auth.try_bad_request(10)} + limit = (Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0) + [20, 50, 100, 200].each do |len| + assert_raise(bad_request) do + Timeout.timeout(len*limit) {digest_auth.try_bad_request(len)} + end + end + end + private def credentials_for_request(user, password, params, body = nil) cnonce = "hoge" diff --git a/version.h b/version.h index da5842c..237c3e5 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1 #define RUBY_VERSION "2.6.5" #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 111 +#define RUBY_PATCHLEVEL 112 #define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_MONTH 10 -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/