iodine 0.7.31 → 0.7.32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of iodine might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/ext/iodine/http1.c +12 -4
- data/lib/iodine/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1176ef5b01b31595fe7cccdf6cad949354b5f733ae870a1b56be511d21b0a860
|
|
4
|
+
data.tar.gz: 15d65ddf131dbb20b40d4aceb6709abff2634b9a68c00e2a2f54480cbca1f9da
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 12e5c3799f8f85ec60f1e5a2c596e88d5fc4f8dd1704a82a9159c4d3a6894ac48d5adcf7f36c8ab346ad764573f361090790dc96938cf4804cd4369cb2879ce6
|
|
7
|
+
data.tar.gz: 8fedb5972019f22d202d5bad886c01645caadbe864d9b959d2a11f99c70ca038d4d8042b78751c05151da2a516c02f8aeccb05fb8a283d45e533726166cafd88
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,10 @@ Please notice that this change log contains changes for upcoming releases as wel
|
|
|
6
6
|
|
|
7
7
|
## Changes:
|
|
8
8
|
|
|
9
|
+
#### Change log v.0.7.32
|
|
10
|
+
|
|
11
|
+
**Fix**: (`http1`) fixes a race-condition between the `on_ready` and `on_data` events, that could result in the `on_data` event being called twice instead of once (only possible with some clients). On multi-threaded workers, this could result in the CPU spinning while the task lock remains busy. Credit to Néstor Coppi (@Shelvak) for exposing the issue and providing an example application with detailed reports. Issue #75.
|
|
12
|
+
|
|
9
13
|
#### Change log v.0.7.31
|
|
10
14
|
|
|
11
15
|
**Security**: a heap-overflow vulnerability was fixed in the WebSocket parser. This attack could have been triggered remotely by a maliciously crafted message-header. Credit to Dane (4cad@silvertoque) for exposing this issue and providing a Python script demonstrating the attack.
|
data/ext/iodine/http1.c
CHANGED
|
@@ -554,7 +554,7 @@ static int http1_on_request(http1_parser_s *parser) {
|
|
|
554
554
|
if (p->request.method && !p->stop)
|
|
555
555
|
http_finish(&p->request);
|
|
556
556
|
h1_reset(p);
|
|
557
|
-
return fio_is_closed(p->p.uuid);
|
|
557
|
+
return !p->close && fio_is_closed(p->p.uuid);
|
|
558
558
|
}
|
|
559
559
|
/** called when a response was received. */
|
|
560
560
|
static int http1_on_response(http1_parser_s *parser) {
|
|
@@ -563,7 +563,7 @@ static int http1_on_response(http1_parser_s *parser) {
|
|
|
563
563
|
if (p->request.status_str && !p->stop)
|
|
564
564
|
http_finish(&p->request);
|
|
565
565
|
h1_reset(p);
|
|
566
|
-
return fio_is_closed(p->p.uuid);
|
|
566
|
+
return !p->close && fio_is_closed(p->p.uuid);
|
|
567
567
|
}
|
|
568
568
|
/** called when a request method is parsed. */
|
|
569
569
|
static int http1_on_method(http1_parser_s *parser, char *method,
|
|
@@ -666,7 +666,9 @@ static int http1_on_body_chunk(http1_parser_s *parser, char *data,
|
|
|
666
666
|
|
|
667
667
|
/** called when a protocol error occurred. */
|
|
668
668
|
static int http1_on_error(http1_parser_s *parser) {
|
|
669
|
-
FIO_LOG_DEBUG("HTTP parser error."
|
|
669
|
+
FIO_LOG_DEBUG("HTTP parser error at HTTP/1.1 buffer position %zu/%zu",
|
|
670
|
+
parser->state.next - parser2http(parser)->buf,
|
|
671
|
+
parser2http(parser)->buf_len);
|
|
670
672
|
fio_close(parser2http(parser)->p.uuid);
|
|
671
673
|
return -1;
|
|
672
674
|
}
|
|
@@ -722,6 +724,7 @@ static inline void http1_consume_data(intptr_t uuid, http1pr_s *p) {
|
|
|
722
724
|
throttle:
|
|
723
725
|
/* throttle busy clients (slowloris) */
|
|
724
726
|
fio_suspend(uuid);
|
|
727
|
+
p->stop |= 4;
|
|
725
728
|
FIO_LOG_DEBUG("(HTTP/1,1) throttling client at %.*s",
|
|
726
729
|
(int)fio_peer_addr(uuid).len, fio_peer_addr(uuid).data);
|
|
727
730
|
}
|
|
@@ -752,7 +755,11 @@ static void http1_on_close(intptr_t uuid, fio_protocol_s *protocol) {
|
|
|
752
755
|
/** called when the connection was closed, but will not run concurrently */
|
|
753
756
|
static void http1_on_ready(intptr_t uuid, fio_protocol_s *protocol) {
|
|
754
757
|
/* resume slow clients from suspension */
|
|
755
|
-
|
|
758
|
+
http1pr_s *p = (http1pr_s *)protocol;
|
|
759
|
+
if ((p->stop & 4)) {
|
|
760
|
+
p->stop ^= 4;
|
|
761
|
+
fio_force_event(uuid, FIO_EVENT_ON_DATA);
|
|
762
|
+
}
|
|
756
763
|
(void)protocol;
|
|
757
764
|
}
|
|
758
765
|
|
|
@@ -769,6 +776,7 @@ static void http1_on_data_first_time(intptr_t uuid, fio_protocol_s *protocol) {
|
|
|
769
776
|
|
|
770
777
|
/* ensure future reads skip this first time HTTP/2.0 test */
|
|
771
778
|
p->p.protocol.on_data = http1_on_data;
|
|
779
|
+
/* Test fot HTTP/2.0 pre-knowledge */
|
|
772
780
|
if (i >= 24 && !memcmp(p->buf, "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", 24)) {
|
|
773
781
|
FIO_LOG_WARNING("client claimed unsupported HTTP/2 prior knowledge.");
|
|
774
782
|
fio_close(uuid);
|
data/lib/iodine/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iodine
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.32
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Boaz Segev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-06-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -202,7 +202,7 @@ licenses:
|
|
|
202
202
|
- MIT
|
|
203
203
|
metadata:
|
|
204
204
|
allowed_push_host: https://rubygems.org
|
|
205
|
-
post_install_message: 'Thank you for installing Iodine 0.7.
|
|
205
|
+
post_install_message: 'Thank you for installing Iodine 0.7.32.
|
|
206
206
|
|
|
207
207
|
'
|
|
208
208
|
rdoc_options: []
|