ruby-changes:56208
From: Nobuyoshi <ko1@a...>
Date: Mon, 24 Jun 2019 10:24:48 +0900 (JST)
Subject: [ruby-changes:56208] Nobuyoshi Nakada: 11a60f9bdb (trunk): Remove extraneous spaces at the end of status line
https://git.ruby-lang.org/ruby.git/commit/?id=11a60f9bdb From 11a60f9bdb486b5173946a7eb11b41e5f75a28cd Mon Sep 17 00:00:00 2001 From: Nobuyoshi Nakada <nobu@r...> Date: Sat, 9 Mar 2019 19:53:51 +0900 Subject: Remove extraneous spaces at the end of status line Remove extraneous spaces after the status code that is non-compliant with RFC, i.e `HTTP 200 OK `, to unnecessary confusion for WEBrick users, by a risk that WEBrick instances in the wild will have server responses flagged as suspicious or malicious due to a similar bug in [Cobalt Strike misconfiguration]. Reported by Matt Tennis <mtennis@p...> [Cobalt Strike misconfiguration]: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/ diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb index 41a2510..f206a05 100644 --- a/lib/webrick/httpresponse.rb +++ b/lib/webrick/httpresponse.rb @@ -119,7 +119,7 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httpresponse.rb#L119 # The response's HTTP status line def status_line - "HTTP/#@http_version #@status #@reason_phrase #{CRLF}" + "HTTP/#@http_version #@status #@reason_phrase".rstrip << CRLF end ## diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb index 468c605..a1d7712 100644 --- a/test/webrick/test_httpresponse.rb +++ b/test/webrick/test_httpresponse.rb @@ -222,5 +222,12 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/test/webrick/test_httpresponse.rb#L222 assert_match(/#{@res.reason_phrase}/, body) assert_match(/#{message}/, body) end + + def test_no_extraneous_space + [200, 300, 400, 500].each do |status| + @res.status = status + assert_match(/\S\r\n/, @res.status_line) + end + end end end -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
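Review bot: in the `+` line of `status_line` in lib/webrick/httpresponse.rb, `rstrip` runs over the whole interpolated string, so it also removes the space after `#@status` whenever `@reason_phrase` is nil or empty. RFC 7230 defines the status line as `HTTP-version SP status-code SP reason-phrase CRLF`, where the reason phrase may be empty but the SP before it is still required. In that case the line would end `HTTP/<version> <status>` followed directly by CRLF, which trades one deviation from the RFC for another. Consider stripping trailing whitespace from the reason phrase alone and keeping the separator after the status code. A short comment on why the strip is there would also help later readers, since the method comment only says "The response's HTTP status line".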
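Review bot: in `test_no_extraneous_space` in test/webrick/test_httpresponse.rb, the pattern `/\S\r\n/` is unanchored and only shows that some non-space character precedes a CRLF somewhere in the string. It does not pin the end of the status line or its overall shape. Anchoring it (`/\S\r\n\z/`) or comparing against the full expected line would make the test fail on any other stray whitespace or trailing content. The four statuses iterated (200, 300, 400, 500) all go through `@res.status=`, so the test never exercises a response whose reason phrase is empty or itself ends in whitespace. Those are the inputs where the new `rstrip` changes the output, so a case for each would document the intended behaviour.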