* lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or

header fields shold be read with maximum length. [ruby-talk:231745]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,8 @@
+Mon Dec 17 16:02:30 2007  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
+	  header fields shold be read with maximum length. [ruby-talk:231745]
+
 Mon Dec 17 14:03:39 2007  Tanaka Akira  <akr@fsij.org>
 
 	* include/ruby/encoding.h (ENC_CODERANGE_VALID): rename from
@@ -25,7 +30,7 @@ Mon Dec 17 11:38:59 2007  Tanaka Akira  <akr@fsij.org>
 
 Sun Dec 16 17:07:35 2007  Martin Duerst  <duerst@it.aoyama.ac.jp>
 
-        * transcode.c (transcode_loop): removed special case (-1)
+	* transcode.c (transcode_loop): removed special case (-1)
 	  for undefined conversions.
 
 	* transcode_data_iso_8859.c: Changed from character constants
@@ -132,10 +137,10 @@ Fri Dec 14 16:06:18 2007  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 Fri Dec 14 15:25:30 2007  Martin Duerst  <duerst@it.aoyama.ac.jp>
 
-        * transcode.c (encoding_equal): new function.
+	* transcode.c (encoding_equal): new function.
 
 	* transcode.c (str_transcode, transcode_dispatch): added two-step
-          conversion logic via UTF-8.
+	  conversion logic via UTF-8.
 
 	* trancode.c: some minor formatting fixes
 
@@ -1903,7 +1908,7 @@ Thu Nov  8 17:09:55 2007  David Flanagan  <davidflanagan@ruby-lang.org>
 Thu Nov  8 15:13:56 2007 David Flanagan <davidflanagan@ruby-lang.org>
 
 	* parse.y: fix segfault with \x escapes in regexps
-                   delete unused #if 0 code regions from previous patch
+	  delete unused #if 0 code regions from previous patch
 	
 Thu Nov  8 12:12:10 2007  NAKAMURA Usaku  <usa@ruby-lang.org>
 

lib/webrick/cgi.rb

@@ -196,8 +196,8 @@ module WEBrick
         [nil, @server_port, @server_name, @server_addr]
       end
   
-      def gets(eol=LF)
-        input.gets(eol)
+      def gets(eol=LF, size=nil)
+        input.gets(eol, size)
       end
   
       def read(size=nil)

lib/webrick/httprequest.rb

@@ -219,7 +219,10 @@ module WEBrick
     private
 
     def read_request_line(socket)
-      @request_line = read_line(socket) if socket
+      @request_line = read_line(socket, 1024) if socket
+      if @request_line.size >= 1024 and @request_line[-1, 1] != LF
+        raise HTTPStatus::RequestURITooLarge
+      end
       @request_time = Time.now
       raise HTTPStatus::EOFError unless @request_line
       if /^(\S+)\s+(\S+)(?:\s+HTTP\/(\d+\.\d+))?\r?\n/mo =~ @request_line
@@ -317,10 +320,10 @@ module WEBrick
       @remaining_size = 0
     end
 
-    def _read_data(io, method, arg)
+    def _read_data(io, method, *arg)
       begin
         WEBrick::Utils.timeout(@config[:RequestTimeout]){
-          return io.__send__(method, arg)
+          return io.__send__(method, *arg)
         }
       rescue Errno::ECONNRESET
         return nil
@@ -329,8 +332,8 @@ module WEBrick
       end
     end
 
-    def read_line(io)
-      _read_data(io, :gets, LF)
+    def read_line(io, size=4096)
+      _read_data(io, :gets, LF, size)
     end
 
     def read_data(io, size)

test/webrick/test_httprequest.rb

@@ -56,6 +56,16 @@ class TestWEBrickHTTPRequest < Test::Unit::TestCase
     assert(req.query.empty?)
   end
 
+  def test_request_uri_too_large
+    msg = <<-_end_of_message_
+      GET /#{"a"*1024} HTTP/1.1
+    _end_of_message_
+    req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
+    assert_raises(WEBrick::HTTPStatus::RequestURITooLarge){
+      req.parse(StringIO.new(msg.gsub(/^ {6}/, "")))
+    }
+  end
+
   def test_parse_headers
     msg = <<-_end_of_message_
       GET /path HTTP/1.1