
ruby-changes:20618

From: nahi <ko1@a...>
Date: Mon, 25 Jul 2011 22:21:56 +0900 (JST)
Subject: [ruby-changes:20618] nahi:r32666 (trunk): * lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by

nahi	2011-07-25 22:21:49 +0900 (Mon, 25 Jul 2011)

  New Revision: 32666

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=32666

  Log:
    * lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
      'Basic' header. Long username caused the base64 String truncation in
      HTTP header which is not allowed. See #5046.
    
    * test/xmlrpc/test_webrick_server.rb: test it.

  Modified files:
    trunk/ChangeLog
    trunk/lib/xmlrpc/client.rb
    trunk/test/xmlrpc/test_webrick_server.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 32665)
+++ ChangeLog	(revision 32666)
@@ -1,3 +1,11 @@
+Mon Jul 25 22:14:37 2011  Hiroshi Nakamura  <nahi@r...>
+
+	* lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
+	  'Basic' header. Long username caused the base64 String truncation in
+	  HTTP header which is not allowed. See #5046.
+
+	* test/xmlrpc/test_webrick_server.rb: test it.
+
 Mon Jul 25 15:04:33 2011  Hiroshi Nakamura  <nahi@r...>
 
 	* ext/openssl/lib/openssl.rb: End of transition period introduced by
Index: lib/xmlrpc/client.rb
===================================================================
--- lib/xmlrpc/client.rb	(revision 32665)
+++ lib/xmlrpc/client.rb	(revision 32666)
@@ -493,7 +493,7 @@
       else
         a =  "#@user"
         a << ":#@password" if @password != nil
-        @auth = ("Basic " + [a].pack("m")).chomp
+        @auth = "Basic " + [a].pack("m0")
       end
     end
 
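Review bot: The switch to `pack("m0")` on the `@auth` line has no comment explaining why the zero count matters, so a later cleanup could put back `pack("m")`. Plain `"m"` inserts a line feed after every 60 encoded characters and the old `.chomp` stripped only the final one, which left a line break inside the header value for long credentials. A one-line comment saying the header value must contain no line feeds would document that.
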
Index: test/xmlrpc/test_webrick_server.rb
===================================================================
--- test/xmlrpc/test_webrick_server.rb	(revision 32665)
+++ test/xmlrpc/test_webrick_server.rb	(revision 32666)
@@ -3,13 +3,25 @@
 require_relative 'webrick_testing'
 require "xmlrpc/server"
 require 'xmlrpc/client'
+require 'logger'
 
 class Test_Webrick < Test::Unit::TestCase
   include WEBrick_Testing
 
+  @@basic_auth = WEBrick::HTTPAuth::BasicAuth.new(
+    :Realm => 'auth',
+    :UserDB => WEBrick::HTTPAuth::Htpasswd.new(File.expand_path('./htpasswd', File.dirname(__FILE__))),
+    :Logger => Logger.new(File::NULL),
+  )
+
   def create_servlet
     s = XMLRPC::WEBrickServlet.new
 
+    def s.service(req, res)
+      @@basic_auth.authenticate(req, res)
+      super(req, res)
+    end
+
     s.add_handler("test.add") do |a,b|
       a + b
     end
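
Review bot: `File.expand_path('./htpasswd', File.dirname(__FILE__))` makes the test depend on an `htpasswd` file beside the test, but the revision's file list names only ChangeLog, lib/xmlrpc/client.rb and test/xmlrpc/test_webrick_server.rb. Confirm the fixture is in the tree and has entries for both users the test logs in with ('admin' and the 80-character name), otherwise the test fails on a clean checkout. A constant would also be simpler than the class variable `@@basic_auth` referenced from the singleton `s.service`.
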
@@ -46,8 +58,6 @@
     end
 
     start_server(option) {|w| w.mount('/RPC2', create_servlet) }
-
-    @s = XMLRPC::Client.new3(:port => port, :use_ssl => use_ssl)
   end
 
   PORT = 8070
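
Review bot: With the client construction removed from `setup_http_server`, its `port` argument now only controls the server, while the caller builds the client from the `PORT` constant. Either pass the same value to both or drop the parameter so the two cannot drift apart.
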
@@ -56,13 +66,33 @@
     [false].each do |use_ssl|
       begin
         setup_http_server(PORT, use_ssl)
-        do_test
+        @s = XMLRPC::Client.new3(:port => PORT, :use_ssl => use_ssl)
+        @s.user = 'admin'
+        @s.password = 'admin'
+        silent do
+          do_test
+        end
+        @s = XMLRPC::Client.new3(:port => PORT, :use_ssl => use_ssl)
+        @s.user = '01234567890123456789012345678901234567890123456789012345678901234567890123456789'
+        @s.password = 'guest'
+        silent do
+          do_test
+        end
       ensure
         stop_server
       end
     end
   end
 
+  def silent
+    begin
+      back, $VERBOSE = $VERBOSE, nil
+      yield
+    ensure
+      $VERBOSE = back
+    end
+  end
+
   def do_test
     # simple call
     assert_equal 9, @s.call('test.add', 4, 5)
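
Review bot: Both new `do_test` runs use valid credentials, so nothing in this hunk shows that the servlet ever rejects a request. Add a case with a wrong password (or no credentials) that expects the call to fail, so the test proves authentication is enforced and not only that a long header is accepted. The two client setup blocks are duplicated and could be a loop over user/password pairs, and `silent` needs a comment stating which warning `$VERBOSE = nil` is hiding.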

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
