diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-10-01 10:59:42 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-10-01 10:59:42 +0000 |
commit | 05cdcdc6ec7f0777ba56100308e54e97e277293f (patch) | |
tree | 678137caa516533667be23965c16d180f5122aed | |
parent | 02ea1fdfc70b01189574a4a640eec3c9c81d2417 (diff) |
merge revision(s) 36e057e26ef2104bc2349799d6c52d22bb1c7d03
Loop with String#scan without creating substrings
Create the substrings necessary parts only, instead of cutting the
rest of the buffer. Also removed a useless, probable typo, regexp.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67811 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | lib/webrick/httpauth/digestauth.rb | 19 | ||||
-rw-r--r-- | test/webrick/test_httpauth.rb | 22 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 25 insertions, 18 deletions
diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb index 94f849a02e..c2d5c16cad 100644 --- a/lib/webrick/httpauth/digestauth.rb +++ b/lib/webrick/httpauth/digestauth.rb @@ -290,23 +290,8 @@ module WEBrick def split_param_value(string) ret = {} - while string.bytesize != 0 - case string - when /^\s*([\w\-\.\*\%\!]+)=\s*\"((\\.|[^\"])*)\"\s*,?/ - key = $1 - matched = $2 - string = $' - ret[key] = matched.gsub(/\\(.)/, "\\1") - when /^\s*([\w\-\.\*\%\!]+)=\s*([^,\"]*),?/ - key = $1 - matched = $2 - string = $' - ret[key] = matched.clone - when /^s*^,/ - string = $' - else - break - end + string.scan(/\G\s*([\w\-.*%!]+)=\s*(?:\"((?>\\.|[^\"])*)\"|([^,\"]*))\s*,?/) do + ret[$1] = $3 || $2.gsub(/\\(.)/, "\\1") end ret end diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb index ff539f06c7..e407dd494f 100644 --- a/test/webrick/test_httpauth.rb +++ b/test/webrick/test_httpauth.rb @@ -292,6 +292,28 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase } end + def test_digest_auth_invalid + digest_auth = WEBrick::HTTPAuth::DigestAuth.new(Realm: 'realm', UserDB: '') + + def digest_auth.error(fmt, *) + end + + def digest_auth.try_bad_request(len) + request = {"Authorization" => %[Digest a="#{'\b'*len}]} + authenticate request, nil + end + + bad_request = WEBrick::HTTPStatus::BadRequest + t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC) + assert_raise(bad_request) {digest_auth.try_bad_request(10)} + limit = (Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0) + [20, 50, 100, 200].each do |len| + assert_raise(bad_request) do + Timeout.timeout(len*limit) {digest_auth.try_bad_request(len)} + end + end + end + private def credentials_for_request(user, password, params, body = nil) cnonce = "hoge" @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.5.7" #define RUBY_RELEASE_DATE "2019-10-01" -#define RUBY_PATCHLEVEL 203 +#define RUBY_PATCHLEVEL 204 #define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_MONTH 10 |