ruby-changes:2769
From: ko1@a...
Date: 17 Dec 2007 16:04:52 +0900
Subject: [ruby-changes:2769] gotoyuzo - Ruby:r14260 (trunk): * lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
gotoyuzo 2007-12-17 16:03:57 +0900 (Mon, 17 Dec 2007) New Revision: 14260 Modified files: trunk/ChangeLog trunk/lib/webrick/cgi.rb trunk/lib/webrick/httprequest.rb trunk/test/webrick/test_httprequest.rb Log: * lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or header fields shold be read with maximum length. [ruby-talk:231745] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/webrick/httprequest.rb?r1=14260&r2=14259 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=14260&r2=14259 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/test/webrick/test_httprequest.rb?r1=14260&r2=14259 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/webrick/cgi.rb?r1=14260&r2=14259 Index: ChangeLog =================================================================== --- ChangeLog (revision 14259) +++ ChangeLog (revision 14260) @@ -1,3 +1,8 @@ +Mon Dec 17 16:02:30 2007 GOTOU Yuuzou <gotoyuzo@n...> + + * lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or + header fields shold be read with maximum length. [ruby-talk:231745] + Mon Dec 17 14:03:39 2007 Tanaka Akira <akr@f...> * include/ruby/encoding.h (ENC_CODERANGE_VALID): rename from @@ -25,7 +30,7 @@ Sun Dec 16 17:07:35 2007 Martin Duerst <duerst@i...> - * transcode.c (transcode_loop): removed special case (-1) + * transcode.c (transcode_loop): removed special case (-1) for undefined conversions. * transcode_data_iso_8859.c: Changed from character constants @@ -132,10 +137,10 @@ Fri Dec 14 15:25:30 2007 Martin Duerst <duerst@i...> - * transcode.c (encoding_equal): new function. + * transcode.c (encoding_equal): new function. * transcode.c (str_transcode, transcode_dispatch): added two-step - conversion logic via UTF-8. + conversion logic via UTF-8. * trancode.c: some minor formatting fixes @@ -1903,7 +1908,7 @@ Thu Nov 8 15:13:56 2007 David Flanagan <davidflanagan@r...> * parse.y: fix segfault with \x escapes in regexps - delete unused #if 0 code regions from previous patch + delete unused #if 0 code regions from previous patch Thu Nov 8 12:12:10 2007 NAKAMURA Usaku <usa@r...> Index: lib/webrick/httprequest.rb =================================================================== --- lib/webrick/httprequest.rb (revision 14259) +++ lib/webrick/httprequest.rb (revision 14260) @@ -219,7 +219,10 @@ private def read_request_line(socket) - @request_line = read_line(socket) if socket + @request_line = read_line(socket, 1024) if socket + if @request_line.size >= 1024 and @request_line[-1, 1] != LF + raise HTTPStatus::RequestURITooLarge + end @request_time = Time.now raise HTTPStatus::EOFError unless @request_line if /^(\S+)\s+(\S+)(?:\s+HTTP\/(\d+\.\d+))?\r?\n/mo =~ @request_line @@ -317,10 +320,10 @@ @remaining_size = 0 end - def _read_data(io, method, arg) + def _read_data(io, method, *arg) begin WEBrick::Utils.timeout(@config[:RequestTimeout]){ - return io.__send__(method, arg) + return io.__send__(method, *arg) } rescue Errno::ECONNRESET return nil @@ -329,8 +332,8 @@ end end - def read_line(io) - _read_data(io, :gets, LF) + def read_line(io, size=4096) + _read_data(io, :gets, LF, size) end def read_data(io, size) Index: lib/webrick/cgi.rb =================================================================== --- lib/webrick/cgi.rb (revision 14259) +++ lib/webrick/cgi.rb (revision 14260) @@ -196,8 +196,8 @@ [nil, @server_port, @server_name, @server_addr] end - def gets(eol=LF) - input.gets(eol) + def gets(eol=LF, size=nil) + input.gets(eol, size) end def read(size=nil) Index: test/webrick/test_httprequest.rb =================================================================== --- test/webrick/test_httprequest.rb (revision 14259) +++ test/webrick/test_httprequest.rb (revision 14260) @@ -56,6 +56,16 @@ assert(req.query.empty?) end + def test_request_uri_too_large + msg = <<-_end_of_message_ + GET /#{"a"*1024} HTTP/1.1 + _end_of_message_ + req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP) + assert_raises(WEBrick::HTTPStatus::RequestURITooLarge){ + req.parse(StringIO.new(msg.gsub(/^ {6}/, ""))) + } + end + def test_parse_headers msg = <<-_end_of_message_ GET /path HTTP/1.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml