ruby-changes:2769
From: ko1@a...
Date: 17 Dec 2007 16:04:52 +0900
Subject: [ruby-changes:2769] gotoyuzo - Ruby:r14260 (trunk): * lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
gotoyuzo 2007-12-17 16:03:57 +0900 (Mon, 17 Dec 2007)
New Revision: 14260
Modified files:
trunk/ChangeLog
trunk/lib/webrick/cgi.rb
trunk/lib/webrick/httprequest.rb
trunk/test/webrick/test_httprequest.rb
Log:
* lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
header fields should be read with maximum length. [ruby-talk:231745]
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/webrick/httprequest.rb?r1=14260&r2=14259
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=14260&r2=14259
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/test/webrick/test_httprequest.rb?r1=14260&r2=14259
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/webrick/cgi.rb?r1=14260&r2=14259
Index: ChangeLog
===================================================================
--- ChangeLog (revision 14259)
+++ ChangeLog (revision 14260)
@@ -1,3 +1,8 @@
+Mon Dec 17 16:02:30 2007 GOTOU Yuuzou <gotoyuzo@n...>
+
+ * lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
+ header fields shold be read with maximum length. [ruby-talk:231745]
+
Mon Dec 17 14:03:39 2007 Tanaka Akira <akr@f...>
* include/ruby/encoding.h (ENC_CODERANGE_VALID): rename from
@@ -25,7 +30,7 @@
Sun Dec 16 17:07:35 2007 Martin Duerst <duerst@i...>
- * transcode.c (transcode_loop): removed special case (-1)
+ * transcode.c (transcode_loop): removed special case (-1)
for undefined conversions.
* transcode_data_iso_8859.c: Changed from character constants
@@ -132,10 +137,10 @@
Fri Dec 14 15:25:30 2007 Martin Duerst <duerst@i...>
- * transcode.c (encoding_equal): new function.
+ * transcode.c (encoding_equal): new function.
* transcode.c (str_transcode, transcode_dispatch): added two-step
- conversion logic via UTF-8.
+ conversion logic via UTF-8.
* trancode.c: some minor formatting fixes
@@ -1903,7 +1908,7 @@
Thu Nov 8 15:13:56 2007 David Flanagan <davidflanagan@r...>
* parse.y: fix segfault with \x escapes in regexps
- delete unused #if 0 code regions from previous patch
+ delete unused #if 0 code regions from previous patch
Thu Nov 8 12:12:10 2007 NAKAMURA Usaku <usa@r...>
Index: lib/webrick/httprequest.rb
===================================================================
--- lib/webrick/httprequest.rb (revision 14259)
+++ lib/webrick/httprequest.rb (revision 14260)
@@ -219,7 +219,10 @@
private
def read_request_line(socket)
- @request_line = read_line(socket) if socket
+ @request_line = read_line(socket, 1024) if socket
+ if @request_line.size >= 1024 and @request_line[-1, 1] != LF
+ raise HTTPStatus::RequestURITooLarge
+ end
@request_time = Time.now
raise HTTPStatus::EOFError unless @request_line
if /^(\S+)\s+(\S+)(?:\s+HTTP\/(\d+\.\d+))?\r?\n/mo =~ @request_line
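Review bot: The new length check calls `@request_line.size` before the existing `raise HTTPStatus::EOFError unless @request_line` guard. When `socket` is nil, or `read_line` returns nil (end of input, or the `Errno::ECONNRESET` rescue in `_read_data`), the request now fails with a NoMethodError on nil instead of the intended EOFError. Move the guard directly after the `read_line(socket, 1024)` call, ahead of the `if`. The limit 1024 is also written twice as a literal, so a named constant would keep the read limit and the comparison in step. read_request_line continues past the end of the hunk.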
@@ -317,10 +320,10 @@
@remaining_size = 0
end
- def _read_data(io, method, arg)
+ def _read_data(io, method, *arg)
begin
WEBrick::Utils.timeout(@config[:RequestTimeout]){
- return io.__send__(method, arg)
+ return io.__send__(method, *arg)
}
rescue Errno::ECONNRESET
return nil
@@ -329,8 +332,8 @@
end
end
- def read_line(io)
- _read_data(io, :gets, LF)
+ def read_line(io, size=4096)
+ _read_data(io, :gets, LF, size)
end
def read_data(io, size)
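Review bot: `read_line` now silently truncates. A line longer than `size` comes back without a trailing LF and the rest is returned by the next call, and only `read_request_line` in this diff checks for that. The header-reading caller is not touched by this commit, so it presumably takes the 4096 default and would treat the tail of an over-long field as a separate line, with no cap on the total header size; this should be confirmed against the full file. If so, apply the same "ends with LF" check there and reject the request. A comment on `read_line` would also help, for example `# returns at most size bytes; a result without a trailing LF means the line was cut`.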
Index: lib/webrick/cgi.rb
===================================================================
--- lib/webrick/cgi.rb (revision 14259)
+++ lib/webrick/cgi.rb (revision 14260)
@@ -196,8 +196,8 @@
[nil, @server_port, @server_name, @server_addr]
end
- def gets(eol=LF)
- input.gets(eol)
+ def gets(eol=LF, size=nil)
+ input.gets(eol, size)
end
def read(size=nil)
Index: test/webrick/test_httprequest.rb
===================================================================
--- test/webrick/test_httprequest.rb (revision 14259)
+++ test/webrick/test_httprequest.rb (revision 14260)
@@ -56,6 +56,16 @@
assert(req.query.empty?)
end
+ def test_request_uri_too_large
+ msg = <<-_end_of_message_
+ GET /#{"a"*1024} HTTP/1.1
+ _end_of_message_
+ req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
+ assert_raises(WEBrick::HTTPStatus::RequestURITooLarge){
+ req.parse(StringIO.new(msg.gsub(/^ {6}/, "")))
+ }
+ end
+
def test_parse_headers
msg = <<-_end_of_message_
GET /path HTTP/1.1
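Review bot: `test_request_uri_too_large` covers only the over-limit path, leaving both the boundary and the empty-input path of the new check untested. An EOF case such as `assert_raises(WEBrick::HTTPStatus::EOFError){ req.parse(StringIO.new("")) }` would exercise the nil `@request_line` path that the new size check now reaches first. A request line just under 1024 bytes ending in LF should also be asserted to parse, so that an off-by-one in the `>= 1024` comparison is caught.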