* lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or

header fields shold be read with maximum length. [ruby-talk:231745] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-12-17 07:03:57 +00:00 · 2007-12-17 07:03:57 +00:00 · 1e8c6e2ba4
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Mon Dec 17 16:02:30 2007  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
+	  header fields shold be read with maximum length. [ruby-talk:231745]
+
 Mon Dec 17 14:03:39 2007  Tanaka Akira  <akr@fsij.org>

 	* include/ruby/encoding.h (ENC_CODERANGE_VALID): rename from
--- a/lib/webrick/cgi.rb
+++ b/lib/webrick/cgi.rb
@ -196,8 +196,8 @@ module WEBrick
        [nil, @server_port, @server_name, @server_addr]
      end
  
-      def gets(eol=LF)
-        input.gets(eol)
+      def gets(eol=LF, size=nil)
+        input.gets(eol, size)
      end
  
      def read(size=nil)
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@ -219,7 +219,10 @@ module WEBrick
    private

    def read_request_line(socket)
-      @request_line = read_line(socket) if socket
+      @request_line = read_line(socket, 1024) if socket
+      if @request_line.size >= 1024 and @request_line[-1, 1] != LF
+        raise HTTPStatus::RequestURITooLarge
+      end
      @request_time = Time.now
      raise HTTPStatus::EOFError unless @request_line
      if /^(\S+)\s+(\S+)(?:\s+HTTP\/(\d+\.\d+))?\r?\n/mo =~ @request_line
@ -317,10 +320,10 @@ module WEBrick
      @remaining_size = 0
    end

-    def _read_data(io, method, arg)
+    def _read_data(io, method, *arg)
      begin
        WEBrick::Utils.timeout(@config[:RequestTimeout]){
-          return io.__send__(method, arg)
+          return io.__send__(method, *arg)
        }
      rescue Errno::ECONNRESET
        return nil
@ -329,8 +332,8 @@ module WEBrick
      end
    end

-    def read_line(io)
-      _read_data(io, :gets, LF)
+    def read_line(io, size=4096)
+      _read_data(io, :gets, LF, size)
    end

    def read_data(io, size)
--- a/test/webrick/test_httprequest.rb
+++ b/test/webrick/test_httprequest.rb
@ -56,6 +56,16 @@ class TestWEBrickHTTPRequest < Test::Unit::TestCase
    assert(req.query.empty?)
  end

+  def test_request_uri_too_large
+    msg = <<-_end_of_message_
+      GET /#{"a"*1024} HTTP/1.1
+    _end_of_message_
+    req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
+    assert_raises(WEBrick::HTTPStatus::RequestURITooLarge){
+      req.parse(StringIO.new(msg.gsub(/^ {6}/, "")))
+    }
+  end
+
  def test_parse_headers
    msg = <<-_end_of_message_
      GET /path HTTP/1.1