iodine 0.7.45 → 0.7.48
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/examples/etag.ru +16 -0
- data/ext/iodine/http.c +14 -27
- data/ext/iodine/iodine_http.c +0 -2
- data/ext/iodine/iodine_rack_io.c +0 -8
- data/ext/iodine/websockets.c +18 -7
- data/lib/iodine/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1718fc25cba1ab9a96c643a16e34413067b30b6706659ca77becf907a92bafe6
|
|
4
|
+
data.tar.gz: 1b3fc0945e54e6eedf7e1fa27956cecfe46e80c8a43078f305343a9eb3497f50
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 70945896acf5a4497254bd631bcc427bde4051813c65d44d43567c0283a40c61a1ecefa547985ee481981a21e4bcf4d3380076fbc5816eed2fdc06a487553e64
|
|
7
|
+
data.tar.gz: bfba77e38f598db62a893ad356ad40485a9dfc768355357bc8242227991ecf8c24354f2f30e52d3afcf1d8f1c62b0fec15c7a2baec309c5b29d6b042918ff259
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,18 @@ Please notice that this change log contains changes for upcoming releases as wel
|
|
|
6
6
|
|
|
7
7
|
## Changes:
|
|
8
8
|
|
|
9
|
+
#### Change log v.0.7.48 (2022-06-28)
|
|
10
|
+
|
|
11
|
+
**Fix**: Fixes an issue with `pong` WebSocket frames when a client sends a WebSocket `ping`. Credit to Lucas Kuan (@lucaskuan) for finding this issue and for PR #124.
|
|
12
|
+
|
|
13
|
+
#### Change log v.0.7.47 (2022-05-11)
|
|
14
|
+
|
|
15
|
+
**Fix**: Fixes an issue that causes `Rack::Lint` to complain about `SERVER_PORT` being an empty string. Credit to @adam12 (Adam Daniels) for PR #108 and issue #107.
|
|
16
|
+
|
|
17
|
+
#### Change log v.0.7.46 (2022-05-06)
|
|
18
|
+
|
|
19
|
+
**Fix**: Fixes the (erroneous) default insertion of the `last-modified` header in order to both better express the intent of RFC 2616 and prevent conflict with the `Rack::ETag` middleware. Credit to @raxoft (Patrik Rak) for opening issue #122.
|
|
20
|
+
|
|
9
21
|
#### Change log v.0.7.45 (2021-11-26)
|
|
10
22
|
|
|
11
23
|
**Security**: Fixes a number of issues with the HTTP parser that could have been leveraged in potential exploit attempts such as request smuggling. Credit to @dcepelik (David Čepelík).
|
data/examples/etag.ru
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# This example uses Rack::ETag to allow for response caching.
|
|
2
|
+
|
|
3
|
+
require 'rack'
|
|
4
|
+
require 'iodine'
|
|
5
|
+
|
|
6
|
+
App = Proc.new do |env|
|
|
7
|
+
[200,
|
|
8
|
+
{ "Content-Type" => "text/html".freeze,
|
|
9
|
+
"Content-Length" => "16".freeze },
|
|
10
|
+
['Hello from Rack!'.freeze] ]
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
use Rack::ConditionalGet
|
|
14
|
+
use Rack::ETag, 'public'
|
|
15
|
+
|
|
16
|
+
run App
|
data/ext/iodine/http.c
CHANGED
|
@@ -92,14 +92,12 @@ static inline void add_date(http_s *r) {
|
|
|
92
92
|
static uint64_t date_hash = 0;
|
|
93
93
|
if (!date_hash)
|
|
94
94
|
date_hash = fiobj_hash_string("date", 4);
|
|
95
|
-
static uint64_t mod_hash = 0;
|
|
96
|
-
if (!mod_hash)
|
|
97
|
-
mod_hash = fiobj_hash_string("last-modified", 13);
|
|
98
95
|
|
|
99
96
|
if (fio_last_tick().tv_sec > last_date_added) {
|
|
100
97
|
fio_lock(&date_lock);
|
|
101
98
|
if (fio_last_tick().tv_sec > last_date_added) { /* retest inside lock */
|
|
102
|
-
/* 32 chars are ok for a while, but http_time2str below has a buffer sized
|
|
99
|
+
/* 32 chars are ok for a while, but http_time2str below has a buffer sized
|
|
100
|
+
* 48 chars and does a memcpy ... */
|
|
103
101
|
FIOBJ tmp = fiobj_str_buf(32);
|
|
104
102
|
FIOBJ old = current_date;
|
|
105
103
|
fiobj_str_resize(
|
|
@@ -115,11 +113,6 @@ static inline void add_date(http_s *r) {
|
|
|
115
113
|
fiobj_hash_set(r->private_data.out_headers, HTTP_HEADER_DATE,
|
|
116
114
|
fiobj_dup(current_date));
|
|
117
115
|
}
|
|
118
|
-
if (r->status_str == FIOBJ_INVALID &&
|
|
119
|
-
!fiobj_hash_get2(r->private_data.out_headers, mod_hash)) {
|
|
120
|
-
fiobj_hash_set(r->private_data.out_headers, HTTP_HEADER_LAST_MODIFIED,
|
|
121
|
-
fiobj_dup(current_date));
|
|
122
|
-
}
|
|
123
116
|
}
|
|
124
117
|
|
|
125
118
|
struct header_writer_s {
|
|
@@ -2355,7 +2348,7 @@ static void init_cached_key_ptr(void) {
|
|
|
2355
2348
|
time_t *cached_tick = malloc(sizeof(time_t));
|
|
2356
2349
|
FIO_ASSERT_ALLOC(cached_tick);
|
|
2357
2350
|
memset(cached_tick, 0, sizeof(time_t));
|
|
2358
|
-
char *cached_httpdate = malloc(sizeof(char)*48);
|
|
2351
|
+
char *cached_httpdate = malloc(sizeof(char) * 48);
|
|
2359
2352
|
FIO_ASSERT_ALLOC(cached_tick);
|
|
2360
2353
|
memset(cached_httpdate, 0, 48);
|
|
2361
2354
|
size_t *cached_len = malloc(sizeof(size_t));
|
|
@@ -2401,28 +2394,24 @@ size_t http_time2str(char *target, const time_t t) {
|
|
|
2401
2394
|
|
|
2402
2395
|
/* Credit to Jonathan Leffler for the idea of a unified conditional */
|
|
2403
2396
|
#define hex_val(c) \
|
|
2404
|
-
(((c) >= '0' && (c) <= '9')
|
|
2405
|
-
|
|
2406
|
-
|
|
2407
|
-
|
|
2408
|
-
|
|
2409
|
-
|
|
2410
|
-
0; \
|
|
2411
|
-
}))
|
|
2397
|
+
(((c) >= '0' && (c) <= '9') ? ((c)-48) \
|
|
2398
|
+
: (((c) | 32) >= 'a' && ((c) | 32) <= 'f') ? (((c) | 32) - 87) \
|
|
2399
|
+
: ({ \
|
|
2400
|
+
return -1; \
|
|
2401
|
+
0; \
|
|
2402
|
+
}))
|
|
2412
2403
|
static inline int hex2byte(uint8_t *dest, const uint8_t *source) {
|
|
2413
2404
|
if (source[0] >= '0' && source[0] <= '9')
|
|
2414
2405
|
*dest = (source[0] - '0');
|
|
2415
|
-
else if ((source[0] >= 'a' && source[0] <= 'f')
|
|
2416
|
-
|
|
2417
|
-
*dest = (source[0] | 32) - 87;
|
|
2406
|
+
else if ((source[0] | 32) >= 'a' && (source[0] | 32) <= 'f')
|
|
2407
|
+
*dest = (source[0] | 32) - ('a' - 10);
|
|
2418
2408
|
else
|
|
2419
2409
|
return -1;
|
|
2420
2410
|
*dest <<= 4;
|
|
2421
2411
|
if (source[1] >= '0' && source[1] <= '9')
|
|
2422
2412
|
*dest |= (source[1] - '0');
|
|
2423
|
-
else if ((source[1] >= 'a' && source[1] <= 'f')
|
|
2424
|
-
|
|
2425
|
-
*dest |= (source[1] | 32) - 87;
|
|
2413
|
+
else if ((source[1] | 32) >= 'a' && (source[1] | 32) <= 'f')
|
|
2414
|
+
*dest |= (source[1] | 32) - ('a' - 10);
|
|
2426
2415
|
else
|
|
2427
2416
|
return -1;
|
|
2428
2417
|
return 0;
|
|
@@ -2561,9 +2550,7 @@ FIOBJ http_mimetype_find(char *file_ext, size_t file_ext_len) {
|
|
|
2561
2550
|
|
|
2562
2551
|
static pthread_key_t buffer_key;
|
|
2563
2552
|
static pthread_once_t buffer_once = PTHREAD_ONCE_INIT;
|
|
2564
|
-
static void init_buffer_key(void) {
|
|
2565
|
-
pthread_key_create(&buffer_key, free);
|
|
2566
|
-
}
|
|
2553
|
+
static void init_buffer_key(void) { pthread_key_create(&buffer_key, free); }
|
|
2567
2554
|
static void init_buffer_ptr(void) {
|
|
2568
2555
|
char *buffer = malloc(sizeof(char) * (LONGEST_FILE_EXTENSION_LENGTH + 1));
|
|
2569
2556
|
FIO_ASSERT_ALLOC(buffer);
|
data/ext/iodine/iodine_http.c
CHANGED
|
@@ -369,7 +369,6 @@ static inline VALUE copy2env(iodine_http_request_handle_s *handle) {
|
|
|
369
369
|
if (*pos == 0) {
|
|
370
370
|
rb_hash_aset(env, SERVER_NAME,
|
|
371
371
|
rb_enc_str_new(tmp.data, tmp.len, IodineBinaryEncoding));
|
|
372
|
-
rb_hash_aset(env, SERVER_PORT, QUERY_ESTRING);
|
|
373
372
|
} else {
|
|
374
373
|
rb_hash_aset(
|
|
375
374
|
env, SERVER_NAME,
|
|
@@ -869,7 +868,6 @@ static void initialize_env_template(void) {
|
|
|
869
868
|
rb_hash_aset(env_template_no_upgrade, REMOTE_ADDR, QUERY_STRING);
|
|
870
869
|
rb_hash_aset(env_template_no_upgrade, REQUEST_METHOD, QUERY_STRING);
|
|
871
870
|
rb_hash_aset(env_template_no_upgrade, SERVER_NAME, QUERY_STRING);
|
|
872
|
-
rb_hash_aset(env_template_no_upgrade, SERVER_PORT, QUERY_ESTRING);
|
|
873
871
|
rb_hash_aset(env_template_no_upgrade, SERVER_PROTOCOL, QUERY_STRING);
|
|
874
872
|
|
|
875
873
|
/* WebSocket upgrade support */
|
data/ext/iodine/iodine_rack_io.c
CHANGED
|
@@ -72,11 +72,7 @@ static rb_encoding *IodineBinaryEncoding;
|
|
|
72
72
|
|
|
73
73
|
inline static http_s *get_handle(VALUE obj) {
|
|
74
74
|
VALUE i = rb_ivar_get(obj, iodine_fd_var_id);
|
|
75
|
-
#ifdef __MINGW32__
|
|
76
75
|
return (http_s *)NUM2ULL(i);
|
|
77
|
-
#else
|
|
78
|
-
return (http_s *)FIX2ULONG(i);
|
|
79
|
-
#endif
|
|
80
76
|
}
|
|
81
77
|
|
|
82
78
|
/* *****************************************************************************
|
|
@@ -85,11 +81,7 @@ IO API
|
|
|
85
81
|
|
|
86
82
|
static inline FIOBJ get_data(VALUE self) {
|
|
87
83
|
VALUE i = rb_ivar_get(self, io_id);
|
|
88
|
-
#ifdef __MINGW32__
|
|
89
84
|
return (FIOBJ)NUM2ULL(i);
|
|
90
|
-
#else
|
|
91
|
-
return (FIOBJ)FIX2ULONG(i);
|
|
92
|
-
#endif
|
|
93
85
|
}
|
|
94
86
|
|
|
95
87
|
static VALUE rio_rewind(VALUE self) {
|
data/ext/iodine/websockets.c
CHANGED
|
@@ -28,7 +28,8 @@ Feel free to copy, use and enjoy according to the license provided.
|
|
|
28
28
|
|
|
29
29
|
#include <websocket_parser.h>
|
|
30
30
|
|
|
31
|
-
#if !defined(__BIG_ENDIAN__) && !defined(__LITTLE_ENDIAN__) &&
|
|
31
|
+
#if !defined(__BIG_ENDIAN__) && !defined(__LITTLE_ENDIAN__) && \
|
|
32
|
+
!defined(__MINGW32__)
|
|
32
33
|
#include <endian.h>
|
|
33
34
|
#if !defined(__BIG_ENDIAN__) && !defined(__LITTLE_ENDIAN__) && \
|
|
34
35
|
__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
|
|
@@ -183,15 +184,19 @@ static void websocket_on_protocol_ping(void *ws_p, void *msg_, uint64_t len) {
|
|
|
183
184
|
fio_write2(ws->fd, .data.buffer = buff, .length = len);
|
|
184
185
|
} else {
|
|
185
186
|
if (((ws_s *)ws)->is_client) {
|
|
186
|
-
fio_write2(ws->fd, .data.buffer = "\
|
|
187
|
+
fio_write2(ws->fd, .data.buffer = "\x8a\x80mask", .length = 6,
|
|
187
188
|
.after.dealloc = FIO_DEALLOC_NOOP);
|
|
188
189
|
} else {
|
|
189
|
-
fio_write2(ws->fd, .data.buffer = "\
|
|
190
|
+
fio_write2(ws->fd, .data.buffer = "\x8a\x00", .length = 2,
|
|
190
191
|
.after.dealloc = FIO_DEALLOC_NOOP);
|
|
191
192
|
}
|
|
192
193
|
}
|
|
194
|
+
FIO_LOG_DEBUG("Received ping and sent pong for Websocket %p (%d)", ws_p,
|
|
195
|
+
(int)(((ws_s *)ws_p)->fd));
|
|
193
196
|
}
|
|
194
197
|
static void websocket_on_protocol_pong(void *ws_p, void *msg, uint64_t len) {
|
|
198
|
+
FIO_LOG_DEBUG("Received pong for Websocket %p (%d)", ws_p,
|
|
199
|
+
(int)(((ws_s *)ws_p)->fd));
|
|
195
200
|
(void)len;
|
|
196
201
|
(void)msg;
|
|
197
202
|
(void)ws_p;
|
|
@@ -220,6 +225,7 @@ static void ws_ping(intptr_t fd, fio_protocol_s *ws) {
|
|
|
220
225
|
fio_write2(fd, .data.buffer = "\x89\x00", .length = 2,
|
|
221
226
|
.after.dealloc = FIO_DEALLOC_NOOP);
|
|
222
227
|
}
|
|
228
|
+
FIO_LOG_DEBUG("Sent ping for Websocket %p (%d)", (void *)ws, (int)fd);
|
|
223
229
|
}
|
|
224
230
|
|
|
225
231
|
static void on_close(intptr_t uuid, fio_protocol_s *_ws) {
|
|
@@ -238,10 +244,10 @@ static uint8_t on_shutdown(intptr_t fd, fio_protocol_s *ws) {
|
|
|
238
244
|
if (ws && ((ws_s *)ws)->on_shutdown)
|
|
239
245
|
((ws_s *)ws)->on_shutdown((ws_s *)ws);
|
|
240
246
|
if (((ws_s *)ws)->is_client) {
|
|
241
|
-
fio_write2(fd, .data.buffer = "\
|
|
247
|
+
fio_write2(fd, .data.buffer = "\x88\x80MASK", .length = 6,
|
|
242
248
|
.after.dealloc = FIO_DEALLOC_NOOP);
|
|
243
249
|
} else {
|
|
244
|
-
fio_write2(fd, .data.buffer = "\
|
|
250
|
+
fio_write2(fd, .data.buffer = "\x88\x00", .length = 2,
|
|
245
251
|
.after.dealloc = FIO_DEALLOC_NOOP);
|
|
246
252
|
}
|
|
247
253
|
return 0;
|
|
@@ -728,8 +734,13 @@ int websocket_write(ws_s *ws, fio_str_info_s msg, uint8_t is_text) {
|
|
|
728
734
|
}
|
|
729
735
|
/** Closes a websocket connection. */
|
|
730
736
|
void websocket_close(ws_s *ws) {
|
|
731
|
-
|
|
732
|
-
|
|
737
|
+
if (ws->is_client) {
|
|
738
|
+
fio_write2(ws->fd, .data.buffer = "\x88\x80MASK", .length = 6,
|
|
739
|
+
.after.dealloc = FIO_DEALLOC_NOOP);
|
|
740
|
+
} else {
|
|
741
|
+
fio_write2(ws->fd, .data.buffer = "\x88\x00", .length = 2,
|
|
742
|
+
.after.dealloc = FIO_DEALLOC_NOOP);
|
|
743
|
+
}
|
|
733
744
|
fio_close(ws->fd);
|
|
734
745
|
return;
|
|
735
746
|
}
|
data/lib/iodine/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iodine
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.48
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Boaz Segev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-06-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -145,6 +145,7 @@ files:
|
|
|
145
145
|
- examples/async_task.ru
|
|
146
146
|
- examples/config.ru
|
|
147
147
|
- examples/echo.ru
|
|
148
|
+
- examples/etag.ru
|
|
148
149
|
- examples/hello.ru
|
|
149
150
|
- examples/pubsub_engine.ru
|
|
150
151
|
- examples/redis.ru
|
|
@@ -244,7 +245,7 @@ licenses:
|
|
|
244
245
|
metadata:
|
|
245
246
|
allowed_push_host: https://rubygems.org
|
|
246
247
|
post_install_message: |-
|
|
247
|
-
Thank you for installing Iodine 0.7.
|
|
248
|
+
Thank you for installing Iodine 0.7.48.
|
|
248
249
|
Remember: if iodine supports your business, it's only fair to give value back (code contributions / donations).
|
|
249
250
|
rdoc_options: []
|
|
250
251
|
require_paths:
|
|
@@ -267,7 +268,7 @@ requirements:
|
|
|
267
268
|
- Ruby >= 2.5.0 recommended.
|
|
268
269
|
- TLS requires OpenSSL >= 1.1.0.
|
|
269
270
|
- Or Windows with Ruby >= 3.0.0 build with MingW and MingW as compiler.
|
|
270
|
-
rubygems_version: 3.2.
|
|
271
|
+
rubygems_version: 3.2.32
|
|
271
272
|
signing_key:
|
|
272
273
|
specification_version: 4
|
|
273
274
|
summary: iodine - a fast HTTP / Websocket Server with Pub/Sub support, optimized for
|