ruby.git/lib/webrick/httprequest.rb, branch v2_5_8 The Ruby Programming Language revert r62985 (r62966 in trunk) 2018-03-28T16:44:33+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T16:44:33+00:00 5da448fd38a92d0bffe221c054662fbb6f262b58 It breaks test-all git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@63025 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
It breaks test-all


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@63025 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httpproxy: stream request and response bodies 2018-03-28T09:26:16+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T09:26:16+00:00 d68c089a8d42e5d142d646a352cf47760c99b0f8 Reading entire request or response bodies into memory can lead to trivial denial-of-service attacks. Introduce Fibers in both cases to allow streaming. WEBrick::HTTPRequest gains a new body_reader method to prepare itself as a source for IO.copy_stream. This allows the WEBrick::HTTPRequest object to be used as the Net::HTTPGenericRequest#body_stream= arg for Net::HTTP. For HTTP proxy response bodies, we also use a Fiber to to make the HTTP request and read the response body. * lib/webrick/httprequest.rb (body_reader): new method (readpartial): ditto * lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber to stream response body (do_GET, do_HEAD): adjust call (do_POST): adjust call and supply body_reader * test/webrick/test_httprequest.rb (test_chunked): test for IO.copy_stream compatibility * test/webrick/test_httpproxy.rb (test_big_bodies): new test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62985 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Reading entire request or response bodies into memory can lead
to trivial denial-of-service attacks.  Introduce Fibers in both
cases to allow streaming.

WEBrick::HTTPRequest gains a new body_reader method to prepare
itself as a source for IO.copy_stream.  This allows the
WEBrick::HTTPRequest object to be used as the
Net::HTTPGenericRequest#body_stream= arg for Net::HTTP.

For HTTP proxy response bodies, we also use a Fiber to
to make the HTTP request and read the response body.

* lib/webrick/httprequest.rb (body_reader): new method
  (readpartial): ditto
* lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber
  to stream response body
  (do_GET, do_HEAD): adjust call
  (do_POST): adjust call and supply body_reader
* test/webrick/test_httprequest.rb (test_chunked): test
  for IO.copy_stream compatibility
* test/webrick/test_httpproxy.rb (test_big_bodies): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62985 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httprequest: use InputBufferSize for chunked requests 2018-03-28T09:26:12+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T09:26:12+00:00 18b99e2a0a9a21ba619404905e181191e46b09bc While WEBrick::HTTPRequest#body provides a Proc interface for streaming large request bodies, clients must not force the server to use an excessively large chunk size. * lib/webrick/httprequest.rb (read_chunk_size): limit each read and block.call to :InputBufferSize in config. * test/webrick/test_httpserver.rb (test_big_chunks): new test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62982 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
While WEBrick::HTTPRequest#body provides a Proc interface
for streaming large request bodies, clients must not force
the server to use an excessively large chunk size.

* lib/webrick/httprequest.rb (read_chunk_size): limit each
  read and block.call to :InputBufferSize in config.
* test/webrick/test_httpserver.rb (test_big_chunks): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62982 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httprequest: raise correct exception 2018-03-28T09:26:12+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T09:26:12+00:00 276136af27cc9e86f7204d7e4b72f3dedac61f88 "BadRequest" alone does not resolve correctly, it is in the HTTPStatus namespace. * lib/webrick/httprequest.rb (read_chunked): use correct exception * test/webrick/test_httpserver.rb (test_eof_in_chunk): new test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62981 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
"BadRequest" alone does not resolve correctly, it is in the
HTTPStatus namespace.

* lib/webrick/httprequest.rb (read_chunked): use correct exception
* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62981 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httprequest: limit request headers size 2018-03-28T09:26:10+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T09:26:10+00:00 b15f9b622f1f988f5a23036b74be9bbfc28056ad We use the same 112 KB limit started (AFAIK) by Mongrel, Thin, and Puma to prevent malicious users from using up all the memory with a single request. This also limits the damage done by excessive ranges in multipart Range: requests. Due to the way we rely on IO#gets and the desire to keep the code simple, the actual maximum header may be 4093 bytes larger than 112 KB, but we're splitting hairs at that point. * lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH (read_header): raise when headers exceed max length git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
and Puma to prevent malicious users from using up all the memory
with a single request.  This also limits the damage done by
excessive ranges in multipart Range: requests.

Due to the way we rely on IO#gets and the desire to keep
the code simple, the actual maximum header may be 4093 bytes
larger than 112 KB, but we're splitting hairs at that point.

* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
  (read_header): raise when headers exceed max length

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Multiple values X-Forwarded-Proto in webrick 2016-06-21T10:32:26+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-06-21T10:32:26+00:00 978ee6d1ef62b36c143103f7a229bfb8bf0f99c6 * lib/webrick/httprequest.rb (setup_forwarded_info): Use the first value in X-Forwarded-Proto, if header contains multiple comma separated values. Some middlewares may add these values to the list, not replacing. [Fix GH-1386] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* lib/webrick/httprequest.rb (setup_forwarded_info): Use the first
  value in X-Forwarded-Proto, if header contains multiple comma
  separated values.  Some middlewares may add these values to the
  list, not replacing.  [Fix GH-1386]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add frozen_string_literal: false for all files 2015-12-16T05:07:31+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-12-16T05:07:31+00:00 3e92b635fb5422207b7bbdc924e292e51e21f040 When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
normalize reference to Timeout::Error 2014-10-07T20:00:09+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-10-07T20:00:09+00:00 9bb7dfa247b0dd1bb3ad1f596720d205835c6201 From: John Bachir <j@jjb.cc> * bootstraptest/test_io.rb (assert_finish): normalize rescue for Timeout::Error * lib/net/ftp.rb (Net#read_timeout): ditto for doc * lib/resolv.rb (Resolv::ResolvTimeout): ditto for subclass * lib/webrick/httprequest.rb (_read_data): ditto for rescue * sample/timeout.rb (p timeout): ditto for call * test/drb/drbtest.rb (test_06_timeout): ditto * test/ruby/test_readpartial.rb (test_open_pipe): ditto * test/thread/test_queue.rb (test_queue_thread_raise): ditto * thread.c (rb_thread_s_handle_interrupt): ditto for doc [ruby-core:65481] [misc #10339] TimeoutError is a legacy constant, Timeout::Error is the canonical constant. This patch normalizes all code and comments to reference Timeout::Error. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47838 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
From: John Bachir <j@jjb.cc>

* bootstraptest/test_io.rb (assert_finish):
  normalize rescue for Timeout::Error
* lib/net/ftp.rb (Net#read_timeout): ditto for doc
* lib/resolv.rb (Resolv::ResolvTimeout): ditto for subclass
* lib/webrick/httprequest.rb (_read_data): ditto for rescue
* sample/timeout.rb (p timeout): ditto for call
* test/drb/drbtest.rb (test_06_timeout): ditto
* test/ruby/test_readpartial.rb (test_open_pipe): ditto
* test/thread/test_queue.rb (test_queue_thread_raise): ditto
* thread.c (rb_thread_s_handle_interrupt): ditto for doc
  [ruby-core:65481] [misc #10339]

TimeoutError is a legacy constant, Timeout::Error is the canonical constant.
This patch normalizes all code and comments to reference Timeout::Error.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47838 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httprequest.rb: [DOC] Fix broken link of CGI specification by @udzura [fix GH-466] 2013-12-06T01:56:44+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-12-06T01:56:44+00:00 ea1180ef806ff452c74af9ebc73746350c1ff0ea git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
fix typos inspired by r40825 2013-05-19T14:50:47+00:00 kazu kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-05-19T14:50:47+00:00 c54733e1206c2d7434610c8f7f2875f082231cfd git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40829 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40829 b2dd03c8-39d4-4d8f-98ff-823fe69b080e