agoo 2.15.14 → 2.15.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12e12e3428c92bdb7c5426a20a481935f89a7759a59ae9e7b66da2d49ecc4129
-  data.tar.gz: 342b51f1de8b8d6a589ff36717d84ed4e0e8a9898d1ff0b2439749a9b26e327e
+  metadata.gz: 4082bd93ed8668165d61bae2e0cc68d6bb4ff4c015172e281f1f4c81193e635f
+  data.tar.gz: a93f805c0d630183abd684e1c995b649f42573d41dcb01e48e68949ec520a036
 SHA512:
-  metadata.gz: d0d8a64a93f955a5dd89d5b69e82b3c4aef9454aedda197227e79f6d3892c1650a7a766b8025a648e865f6350331642a754dc29ce4c5643c6d8a1ad42f2a0e23
-  data.tar.gz: dfad2c83a41d4a44e1af4181caa6556f4e0fa67c46f23066365f7a97460fb8561191770750f35f41226e4f3b66fb41596b8c4eb50980a485935d8e7fbd5dc98c
+  metadata.gz: c9c668862fd616a3579ab3164ba98a04fbdf58ac4ae86ddd7d28facfbb6e665ced1298becace7ed5047fb6b9a1a0a2a6a79b87661139f1b3fc9561e499277c76
+  data.tar.gz: 96f3f2c3c732e0bc26438185399b1aeb0494f63564678e2c2bb6ba8340c199dd8950aec1dd347bcf75513b87bbb50240efba9a858ee9684bc8a3acec396caf10

data/CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All changes to the Agoo gem are documented here. Releases follow semantic versioning.
 
+## [2.15.15] - 2026-05-09
+
+### Fixed
+
+- Moved URL decoding to before page lookup invalid denial.
+
+- Eliminated deprecated code warnings.
+
+- Fix issue Connection string too long error.
+
 ## [2.15.14] - 2025-09-24
 
 ### Fixed

data/ext/agoo/con.c

@@ -26,8 +26,6 @@
 #include "upgraded.h"
 #include "websocket.h"
 
-#define INITIAL_POLL_SIZE	1024
-
 double con_timeout = 30.0;
 
 typedef enum {

data/ext/agoo/doc.c

@@ -13,7 +13,7 @@
 #define EXP_MAX		100000
 #define DEC_MAX		16
 
-static char	char_map[256] = "\
+static char	char_map[257] = "\
 .........ww..w..................\
 wpq.....pp..w.p.ttttttttttp..p..\
 pttttttttttttttttttttttttttp.p.t\
@@ -23,7 +23,7 @@ pttttttttttttttttttttttttttp.p.t\
 ................................\
 ................................";
 
-static char	json_map[256] = "\
+static char	json_map[257] = "\
 .........ww..w..................\
 wpq.....pp..c.p.ttttttttttp..p..\
 pttttttttttttttttttttttttttp.p.t\
@@ -33,7 +33,7 @@ pttttttttttttttttttttttttttp.p.t\
 ................................\
 ................................";
 
-static char	value_map[256] = "\
+static char	value_map[257] = "\
 .........ww..w..................\
 wpq.....pp..ctt.ttttttttttt..p..\
 pttttttttttttttttttttttttttp.p.t\

data/ext/agoo/early_hints.c

@@ -24,6 +24,22 @@ eh_free(void *ptr) {
     }
 }
 
+static size_t
+eh_size(const void *ptr) {
+    return sizeof(struct _earlyHints);
+}
+
+static const rb_data_type_t early_hints_type = {
+    .wrap_struct_name = "early_hints",
+    .function = {
+	.dmark = NULL,
+	.dfree = eh_free,
+	.dsize = eh_size,
+    },
+    .data = NULL,
+    .flags = RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
 VALUE
 agoo_early_hints_new(agooReq req) {
     EarlyHints	eh = (EarlyHints)AGOO_CALLOC(1, sizeof(struct _earlyHints));
@@ -33,7 +49,7 @@ agoo_early_hints_new(agooReq req) {
     }
     eh->req = req;
 
-    return Data_Wrap_Struct(eh_class, NULL, eh_free, eh);
+    return TypedData_Wrap_Struct(eh_class, &early_hints_type, eh);
 }
 
 /* Document-method: call

data/ext/agoo/error_stream.c

@@ -22,6 +22,22 @@ es_free(void *ptr) {
     }
 }
 
+static size_t
+es_size(const void *ptr) {
+    return sizeof(struct _errorStream);
+}
+
+static const rb_data_type_t error_stream_type = {
+    .wrap_struct_name = "error_stream",
+    .function = {
+	.dmark = NULL,
+	.dfree = es_free,
+	.dsize = es_size,
+    },
+    .data = NULL,
+    .flags = RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
 VALUE
 error_stream_new(void) {
     ErrorStream	es = (ErrorStream)AGOO_MALLOC(sizeof(struct _errorStream));
@@ -32,7 +48,7 @@ error_stream_new(void) {
     es->server = NULL;
     es->text = NULL;
 
-    return Data_Wrap_Struct(es_class, NULL, es_free, es);
+    return TypedData_Wrap_Struct(es_class, &error_stream_type, es);
 }
 
 /* Document-method: puts

data/ext/agoo/gqlvalue.c

@@ -10,7 +10,7 @@
 #include "graphql.h"
 #include "sectime.h"
 
-static const char	spaces[256] = "\n                                                                                                                                                                                                                                                               ";
+static const char	spaces[257] = "\n                                                                                                                                                                                                                                                               ";
 
 // Null type
 static agooText

data/ext/agoo/graphql.c

@@ -24,7 +24,7 @@ typedef struct _slot {
 
 static Slot	buckets[BUCKET_SIZE];
 
-static uint8_t	name_chars[256] = "\
+static uint8_t	name_chars[257] = "\
 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
@@ -43,7 +43,7 @@ static uint8_t	name_chars[256] = "\
 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
 ";
 
-static const char	spaces[16] = "                ";
+static const char	spaces[17] = "                ";
 
 gqlDir	gql_directives = NULL;
 

data/ext/agoo/http.c

@@ -27,7 +27,7 @@ struct _cache		key_cache;
 
 // The rack spec indicates the characters (),/:;<=>?@[]{} are invalid which
 // clearly is not consistent with RFC7230 so stick with the RFC.
-static char		header_value_chars[256] = "\
+static char		header_value_chars[257] = "\
 xxxxxxxxxxoxxxxxxxxxxxxxxxxxxxxx\
 oooooooooooooooooooooooooooooooo\
 oooooooooooooooooooooooooooooooo\

data/ext/agoo/page.c

@@ -788,114 +788,66 @@ page_check(agooErr err, agooPage page) {
 agooPage
 agoo_page_get(agooErr err, const char *path, int plen, const char *root) {
     agooPage    page = NULL;
+    char        full_path[2048];
+    char        *s;
 
-    if (NULL != strstr(path, "../")) {
+    if (NULL != root) {
+	s = stpcpy(full_path, root);
+    } else if (NULL != cache.root) {
+	s = stpcpy(full_path, cache.root);
+    } else {
+	s = full_path;
+    }
+    // This catches the accidental repeated / but not the intentional URL
+    // encoding which is detected and denied later.
+    if ('/' != *(s - 1) && '/' != *path) {
+	*s++ = '/';
+    }
+    if ((int)sizeof(full_path) <= plen + (s - full_path)) {
+	AGOO_ERR_MEM(err, "Page path");
+	return NULL;
+    }
+    if (NULL != memchr(path, '%', plen)) {
+	const char  *pend = path + plen;
+	const char  *pp = path;
+
+	for (; pp < pend; pp++) {
+	    if ('%' != *pp) {
+		*s++ = *pp;
+		continue;
+	    }
+	    *s++ = parse_percent_seq(pp+1);
+	    pp += 2;
+	}
+    } else {
+	strncpy(s, path, plen);
+	s += plen;
+    }
+    *s = '\0';
+    // full_path is now URL decoded.
+    if (NULL != strstr(full_path, "../") || NULL != strstr(full_path, "//")) {
         return NULL;
     }
-    if (NULL != root) {
-        char    full_path[2048];
-        char    *s = stpcpy(full_path, root);
-
-        if (NULL != strstr(path, "../")) {
-            return NULL;
-        }
-        if ((int)sizeof(full_path) <= plen + (s - full_path)) {
-            AGOO_ERR_MEM(err, "Page path");
-            return NULL;
-        }
-        if ('/' != *(s - 1) && '/' != *path) {
-            *s++ = '/';
-        }
-        // TBD if path has % then ...
-        if (NULL != memchr(path, '%', plen)) {
-            const char  *pend = path + plen;
-            const char  *pp = path;
-
-            for (; pp < pend; pp++) {
-                if ('%' != *pp) {
-                    *s++ = *pp;
-                    continue;
-                }
-                *s++ = parse_percent_seq(pp+1);
-                pp += 2;
-            }
-        } else {
-            strncpy(s, path, plen);
-            s += plen;
-        }
-        *s = '\0';
-        plen = (int)(s - full_path);
-        if (NULL == (page = cache_root_get(full_path, plen))) {
-            if (NULL != cache.root) {
-                agooPage        old;
-
-                if (NULL == (page = agoo_page_create(full_path))) {
-                    AGOO_ERR_MEM(err, "Page");
-                    return NULL;
-                }
-                if (!update_contents(page) || NULL == page->resp) {
-                    agoo_page_destroy(page);
-                    agoo_err_set(err, AGOO_ERR_NOT_FOUND, "not found.");
-                    return NULL;
-                }
-                if (NULL != (old = cache_root_set(full_path, plen, page))) {
-                    agoo_page_destroy(old);
-                }
-            }
-        } else {
-            page = page_check(err, page);
-        }
+    plen = (int)(s - full_path);
+    if (NULL == (page = cache_root_get(full_path, plen))) {
+	if (NULL != cache.root) {
+	    agooPage	old;
+
+	    if (NULL == (page = agoo_page_create(full_path))) {
+		AGOO_ERR_MEM(err, "Page");
+		return NULL;
+	    }
+	    if (!update_contents(page) || NULL == page->resp) {
+		agoo_page_destroy(page);
+		agoo_err_set(err, AGOO_ERR_NOT_FOUND, "not found.");
+		return NULL;
+	    }
+	    if (NULL != (old = cache_root_set(full_path, plen, page))) {
+		agoo_page_destroy(old);
+	    }
+	}
     } else {
-        if (NULL == (page = cache_get(path, plen))) {
-            bool        has_percent = NULL != memchr(path, '%', plen);
-
-            if (NULL != cache.root || has_percent) {
-                agooPage        old;
-                char            full_path[2048];
-                char            *s = stpcpy(full_path, cache.root);
-
-                if ('/' != *(s - 1) && '/' != *path) {
-                    *s++ = '/';
-                }
-                if ((int)sizeof(full_path) <= plen + (s - full_path)) {
-                    AGOO_ERR_MEM(err, "Page path");
-                    return NULL;
-                }
-                if (has_percent) {
-                    const char  *pend = path + plen;
-                    const char  *pp = path;
-
-                    for (; pp < pend; pp++) {
-                        if ('%' != *pp) {
-                            *s++ = *pp;
-                            continue;
-                        }
-                        *s++ = parse_percent_seq(pp+1);
-                        pp += 2;
-                    }
-                    *s = '\0';
-                } else {
-                    strncpy(s, path, plen);
-                    s[plen] = '\0';
-                }
-                if (NULL == (page = agoo_page_create(full_path))) { // TBD full_path or original path?
-                    AGOO_ERR_MEM(err, "Page");
-                    return NULL;
-                }
-                plen = (int)strlen(full_path);
-                if (!update_contents(page) || NULL == page->resp) {
-                    agoo_page_destroy(page);
-                    agoo_err_set(err, AGOO_ERR_NOT_FOUND, "not found.");
-                    return NULL;
-                }
-                // Cache key is the original path/plen.
-                if (NULL != (old = cache_set(path, plen, page))) {
-                    agoo_page_destroy(old);
-                }
-            }
-        } else {
-            page = page_check(err, page);
-        }
+	page = page_check(err, page);
     }
     return page;
 }

data/ext/agoo/queue.c

@@ -57,15 +57,20 @@ agoo_queue_multi_init(agooErr err, agooQueue q, size_t qsize, bool multi_push, b
 
 void
 agoo_queue_cleanup(agooQueue q) {
+    int	sock = q->wsock;
+
+    q->wsock = 0;
+    if (0 < sock) {
+	close(sock);
+    }
+    sock = q->rsock;
+    q->rsock = 0;
+    if (0 < sock) {
+	close(sock);
+    }
     AGOO_FREE(q->q);
     q->q = NULL;
     q->end = NULL;
-    if (0 < q->wsock) {
-	close(q->wsock);
-    }
-    if (0 < q->rsock) {
-	close(q->rsock);
-    }
 }
 
 void

data/ext/agoo/request.c

@@ -483,7 +483,6 @@ fill_headers(agooReq r, VALUE hash) {
     if (NULL == r) {
 	rb_raise(rb_eArgError, "Request is no longer valid.");
     }
-
     for (; h < end; h++) {
 	switch (*h) {
 	case ':':
@@ -515,10 +514,12 @@ fill_headers(agooReq r, VALUE hash) {
 	    } else if (sizeof(connection_key) - 1 == klen && 0 == strncasecmp(key, connection_key, sizeof(connection_key) - 1)) {
 		char	buf[1024];
 
-		strncpy(buf, val, vend - val);
-		buf[sizeof(buf)-1] = '\0';
-		if (NULL != strstr(buf, upgrade_key)) {
-		    upgrade = true;
+		if (vend - val < (long)sizeof(buf) - 1) {
+		    strncpy(buf, val, vend - val);
+		    buf[sizeof(buf)-1] = '\0';
+		    if (NULL != strstr(buf, upgrade_key)) {
+			upgrade = true;
+		    }
 		}
 	    } else if (sizeof(accept_key) - 1 == klen && 0 == strncasecmp(key, accept_key, sizeof(accept_key) - 1)) {
 		if (sizeof(event_stream_val) - 1 == vend - val &&
@@ -739,10 +740,28 @@ request_mark(void *ptr) {
     }
 }
 
+static size_t
+request_size(const void *ptr) {
+    agooReq	r = (agooReq)ptr;
+
+    return sizeof(struct _agooReq) + r->mlen - 8;
+}
+
+static const rb_data_type_t request_type = {
+    .wrap_struct_name = "request",
+    .function = {
+	.dmark = request_mark,
+	.dfree = NULL,
+	.dsize = request_size,
+    },
+    .data = NULL,
+    .flags = RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
 VALUE
 request_wrap(agooReq req) {
     // freed from the C side of things
-    return Data_Wrap_Struct(req_class, request_mark, NULL, req);
+    return TypedData_Wrap_Struct(req_class, &request_type, req);
 }
 
 /* Document-class: Agoo::Request

data/ext/agoo/rresponse.c

@@ -24,6 +24,22 @@ response_free(void *ptr) {
     AGOO_FREE(ptr);
 }
 
+static size_t
+response_size(const void *ptr) {
+    return sizeof(struct _agooResponse);
+}
+
+static const rb_data_type_t response_type = {
+    .wrap_struct_name = "response",
+    .function = {
+	.dmark = NULL,
+	.dfree = response_free,
+	.dsize = response_size,
+    },
+    .data = NULL,
+    .flags = RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
 VALUE
 response_new(void) {
     agooResponse	res = (agooResponse)AGOO_MALLOC(sizeof(struct _agooResponse));
@@ -34,7 +50,7 @@ response_new(void) {
     memset(res, 0, sizeof(struct _agooResponse));
     res->code = 200;
 
-    return Data_Wrap_Struct(res_class, NULL, response_free, res);
+    return TypedData_Wrap_Struct(res_class, &response_type, res);
 }
 
 /* Document-method: to_s

data/ext/agoo/rserver.c

@@ -1292,6 +1292,23 @@ use(int argc, VALUE *argv, VALUE self) {
     return Qnil;
 }
 
+static size_t
+server_size(const void *ptr) {
+    return sizeof(struct _agooServer);
+}
+
+static const rb_data_type_t server_type = {
+    .wrap_struct_name = "server",
+    .function = {
+	.dmark = server_mark,
+	.dfree = NULL,
+	.dsize = server_size,
+    },
+    .data = NULL,
+    .flags = 0,
+};
+
+
 /* Document-class: Agoo::Server
  *
  * An HTTP server that support the rack API as well as some other optimized
@@ -1335,7 +1352,8 @@ server_init(VALUE mod) {
 
     push_env_key = rb_str_new_cstr("rack.upgrade"); rb_gc_register_address(&push_env_key);
 
-    rserver = Data_Wrap_Struct(rb_cObject, server_mark, NULL, strdup("dummy"));
+    rserver = TypedData_Wrap_Struct(rb_cObject, &server_type, strdup("dummy"));
+
     rb_gc_register_address(&rserver);
 
     agoo_http_init();

data/ext/agoo/rupgraded.c

@@ -231,6 +231,22 @@ on_destroy(agooUpgraded up) {
     }
 }
 
+static size_t
+upgraded_size(const void *ptr) {
+    return sizeof(struct _agooUpgraded);
+}
+
+static const rb_data_type_t upgraded_type = {
+    .wrap_struct_name = "upgraded",
+    .function = {
+	.dmark = NULL,
+	.dfree = NULL,
+	.dsize = upgraded_size,
+    },
+    .data = NULL,
+    .flags = 0,
+};
+
 agooUpgraded
 rupgraded_create(agooCon c, VALUE obj, VALUE env) {
     agooUpgraded	up;
@@ -246,7 +262,7 @@ rupgraded_create(agooCon c, VALUE obj, VALUE env) {
 	up->on_error = rb_respond_to(obj, rb_intern("on_error"));
 	up->on_destroy = on_destroy;
 
-	up->wrap = (void*)Data_Wrap_Struct(upgraded_class, NULL, NULL, up);
+	up->wrap = (void*)TypedData_Wrap_Struct(upgraded_class, &upgraded_type, up);
 
 	agoo_server_add_upgraded(up);
 

data/ext/agoo/server.c

@@ -163,12 +163,12 @@ listen_loop(void *x) {
                     agoo_log_cat(&agoo_con_cat, "Server with pid %d accepted connection %llu on %s [%d] from %s",
                                  getpid(), (unsigned long long)cnt, b->id, con->sock, con->remote);
 
-										/* TBD
-                    con_cnt = atomic_fetch_add(&agoo_server.con_cnt, 1);
-                    if (agoo_server.loop_max > agoo_server.loop_cnt && agoo_server.loop_cnt * LOOP_UP < con_cnt) {
-                        add_con_loop();
-                    }
-										*/
+		    /* TBD
+		       con_cnt = atomic_fetch_add(&agoo_server.con_cnt, 1);
+		       if (agoo_server.loop_max > agoo_server.loop_cnt && agoo_server.loop_cnt * LOOP_UP < con_cnt) {
+		       add_con_loop();
+		       }
+		    */
                     agoo_queue_push(&agoo_server.con_queue, (void*)con);
                 }
             }

data/ext/agoo/text.c

@@ -10,7 +10,7 @@
 
 static const char	hex_chars[17] = "0123456789abcdef";
 
-static char	json_chars[256] = "\
+static char	json_chars[257] = "\
 66666666222622666666666666666666\
 11211111111111111111111111111111\
 11111111111111111111111111112111\

data/lib/agoo/version.rb

@@ -1,5 +1,5 @@
 
 module Agoo
   # Agoo version.
-  VERSION = '2.15.14'
+  VERSION = '2.15.15'
 end

data/test/base_handler_test.rb

@@ -32,8 +32,6 @@ class BaseHandlerTest < Minitest::Test
       elsif 'DELETE' == req.request_method
 	res.code = 200
 	res.body = req.body
-
-
       end
     end
   end
@@ -131,6 +129,49 @@ class BaseHandlerTest < Minitest::Test
     }
   end
 
+  def test_long_connection
+    uri = URI('http://localhost:6470/tellme?a=1')
+    req = Net::HTTP::Get.new(uri)
+    # Set the headers the way we want them.
+    req['Accept-Encoding'] = '*'
+    req['Accept'] = 'application/json'
+    req['User-Agent'] = 'Ruby'
+    req['Connection'] = 'X'* 1024 # should not cause a failure
+
+    res = Net::HTTP.start(uri.hostname, uri.port) { |h|
+      h.request(req)
+    }
+    content = res.body
+    obj = Oj.load(content, mode: :strict)
+
+    expect = {
+      "HTTP_ACCEPT" => "application/json",
+      "HTTP_ACCEPT_ENCODING" => "*",
+      "HTTP_USER_AGENT" => "Ruby",
+      "PATH_INFO" => "/tellme",
+      "QUERY_STRING" => "a=1",
+      "REQUEST_METHOD" => "GET",
+      "SCRIPT_NAME" => "",
+      "SERVER_NAME" => "localhost",
+      "SERVER_PORT" => "6470",
+      "rack.errors" => nil,
+      "rack.input" => nil,
+      "rack.multiprocess" => false,
+      "rack.multithread" => false,
+      "rack.run_once" => false,
+      "rack.url_scheme" => "http",
+      "rack.version" => [1, 3],
+      "rack.logger" => nil,
+    }
+    expect.each_pair { |k,v|
+      if v.nil?
+        assert_nil(obj[k], k)
+      else
+        assert_equal(v, obj[k], k)
+      end
+    }
+  end
+
   def test_post
     uri = URI('http://localhost:6470/makeme')
     req = Net::HTTP::Post.new(uri)

data/test/static_test.rb

@@ -124,4 +124,16 @@ class StaticTest < Minitest::Test
     assert_equal("404", res.code)
   end
 
+  def test_fetch_encoded
+    uri = URI('http://localhost:6469/%2e%2e%2ftests.sh')
+    res = Net::HTTP.get_response(uri)
+    assert_equal("404", res.code)
+  end
+
+  def test_fetch_double_slash
+    uri = URI('http://localhost:6469/%2f/nest/something.txt')
+    res = Net::HTTP.get_response(uri)
+    assert_equal("404", res.code)
+  end
+
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: agoo
 version: !ruby/object:Gem::Version
-  version: 2.15.14
+  version: 2.15.15
 platform: ruby
 authors:
 - Peter Ohler
 bindir: bin
 cert_chain: []
-date: 2025-09-24 00:00:00.000000000 Z
+date: 2026-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oj
@@ -207,7 +207,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - Linux or macOS
-rubygems_version: 3.6.9
+rubygems_version: 4.0.3
 specification_version: 4
 summary: An HTTP server
 test_files: