ruby.git/lib/webrick/httprequest.rb, branch v2_7_8 The Ruby Programming Language merge revision(s) d23d2f3f6fbb5d787b0dd80675c489a692be23e2: 2020-09-29T13:46:14+00:00 nagachika nagachika@ruby-lang.org 2020-09-29T13:46:14+00:00 828c34e58b63d64558ec0f2d1d7ae401c5e6b21f [ruby/webrick] Make it more strict to interpret some headers Some regexps were too tolerant. https://github.com/ruby/webrick/commit/8946bb38b4 
	[ruby/webrick] Make it more strict to interpret some headers

	Some regexps were too tolerant.

	https://github.com/ruby/webrick/commit/8946bb38b4
[ruby/webrick] Support literal IPv6 addresses in X-Forwarded-Host 2019-10-24T10:47:20+00:00 Jeremy Evans code@jeremyevans.net 2019-08-27T05:22:00+00:00 c28d50a753615dff9bd721f608846d4ef541feb1 https://github.com/ruby/webrick/commit/6b6990ec81 
https://github.com/ruby/webrick/commit/6b6990ec81
lib/*: Prefer require_relative over require. 2018-11-02T17:52:33+00:00 marcandre marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-11-02T17:52:33+00:00 e859e668d2eb59f34ad18edb7458ce90076617e9 [#15206] [Fix GH-1976] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
[#15206] [Fix GH-1976]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: raise EOFError in parse when read line is nil 2018-09-24T07:48:33+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-09-24T07:48:33+00:00 1aef602d5a9398ff362de212ae402ffcd8ff76ae [Bug #15146] From: Justin Li <git@justinli.net> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
[Bug #15146]

From: Justin Li <git@justinli.net>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
repatch r62966 and r62969. 2018-04-03T10:22:45+00:00 ko1 ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-04-03T10:22:45+00:00 1751ea76a4583a1796324135fa5d30fef6abfc24 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63074 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63074 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Revert r62966 and r62969 2018-04-03T07:54:18+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-04-03T07:54:18+00:00 0c632c6fd391546cab623644aecc0ed85b1363da It breaks mswin's test-all git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63069 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
It breaks mswin's test-all

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63069 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httpproxy: stream request and response bodies 2018-03-28T08:06:55+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T08:06:55+00:00 706c028909df2f9526c1cde1c2baa6bc0b4d318a Reading entire request or response bodies into memory can lead to trivial denial-of-service attacks. Introduce Fibers in both cases to allow streaming. WEBrick::HTTPRequest gains a new body_reader method to prepare itself as a source for IO.copy_stream. This allows the WEBrick::HTTPRequest object to be used as the Net::HTTPGenericRequest#body_stream= arg for Net::HTTP. For HTTP proxy response bodies, we also use a Fiber to to make the HTTP request and read the response body. * lib/webrick/httprequest.rb (body_reader): new method (readpartial): ditto * lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber to stream response body (do_GET, do_HEAD): adjust call (do_POST): adjust call and supply body_reader * test/webrick/test_httprequest.rb (test_chunked): test for IO.copy_stream compatibility * test/webrick/test_httpproxy.rb (test_big_bodies): new test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62966 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Reading entire request or response bodies into memory can lead
to trivial denial-of-service attacks.  Introduce Fibers in both
cases to allow streaming.

WEBrick::HTTPRequest gains a new body_reader method to prepare
itself as a source for IO.copy_stream.  This allows the
WEBrick::HTTPRequest object to be used as the
Net::HTTPGenericRequest#body_stream= arg for Net::HTTP.

For HTTP proxy response bodies, we also use a Fiber to
to make the HTTP request and read the response body.

* lib/webrick/httprequest.rb (body_reader): new method
  (readpartial): ditto
* lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber
  to stream response body
  (do_GET, do_HEAD): adjust call
  (do_POST): adjust call and supply body_reader
* test/webrick/test_httprequest.rb (test_chunked): test
  for IO.copy_stream compatibility
* test/webrick/test_httpproxy.rb (test_big_bodies): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62966 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httprequest: use InputBufferSize for chunked requests 2018-03-28T08:06:39+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T08:06:39+00:00 2d41d88c4d213f56cd8cefe368699cee896129f1 While WEBrick::HTTPRequest#body provides a Proc interface for streaming large request bodies, clients must not force the server to use an excessively large chunk size. * lib/webrick/httprequest.rb (read_chunk_size): limit each read and block.call to :InputBufferSize in config. * test/webrick/test_httpserver.rb (test_big_chunks): new test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62963 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
While WEBrick::HTTPRequest#body provides a Proc interface
for streaming large request bodies, clients must not force
the server to use an excessively large chunk size.

* lib/webrick/httprequest.rb (read_chunk_size): limit each
  read and block.call to :InputBufferSize in config.
* test/webrick/test_httpserver.rb (test_big_chunks): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62963 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httprequest: raise correct exception 2018-03-28T08:06:34+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T08:06:34+00:00 6db6eb572b512998ccfde31610fe18f522d9ba86 "BadRequest" alone does not resolve correctly, it is in the HTTPStatus namespace. * lib/webrick/httprequest.rb (read_chunked): use correct exception * test/webrick/test_httpserver.rb (test_eof_in_chunk): new test git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
"BadRequest" alone does not resolve correctly, it is in the
HTTPStatus namespace.

* lib/webrick/httprequest.rb (read_chunked): use correct exception
* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httprequest: limit request headers size 2018-03-28T08:06:23+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T08:06:23+00:00 7e1f2a5aa9d60deec2f84557c6b9032953151ca9 We use the same 112 KB limit started (AFAIK) by Mongrel, Thin, and Puma to prevent malicious users from using up all the memory with a single request. This also limits the damage done by excessive ranges in multipart Range: requests. Due to the way we rely on IO#gets and the desire to keep the code simple, the actual maximum header may be 4093 bytes larger than 112 KB, but we're splitting hairs at that point. * lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH (read_header): raise when headers exceed max length git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62960 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
and Puma to prevent malicious users from using up all the memory
with a single request.  This also limits the damage done by
excessive ranges in multipart Range: requests.

Due to the way we rely on IO#gets and the desire to keep
the code simple, the actual maximum header may be 4093 bytes
larger than 112 KB, but we're splitting hairs at that point.

* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
  (read_header): raise when headers exceed max length

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62960 b2dd03c8-39d4-4d8f-98ff-823fe69b080e