puma 3.12.0 → 3.12.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bff4687b24c136075e00b45d5314fd6326b6240733fff22c706096d10d8ec965
-  data.tar.gz: db2020f983ba02f7403e50f9f9391bd2f20e811fa42121147d4cbaf619e1d8d3
+  metadata.gz: da843833fd17b4bb2283f4c5161a1aa9367a6613455b8fbf31bae49393db4f80
+  data.tar.gz: bd9259270bd27f8421827c66e7f515044f51a7672c3dc755836d2a6b1240e84d
 SHA512:
-  metadata.gz: d6d7efcb9aeb437c07f49cb5a589ed016d888acab08f130bb382f2d470b301ec40ce3df90fbe4cf989bc84468633b180894c60daca377346d283210e6fedba98
-  data.tar.gz: 2d45380434e8d88d534a27db1a1f843d70b925a64065d55ee637153669b3c78f1539bf4c84ee166ec90636ba3ee948a97540c0bdbac5cc3d68809c86874038f8
+  metadata.gz: 74d807145c97b7714c04ebf7858af57b1cdf00e87217b8a88428494718893f7670ffd27216c31164f57bd96984cd8e79f3c7f856d39c1b54c192965fe8ecdec8
+  data.tar.gz: e0616e41dceddc3b8aad69a5baab5b49007053d151bf2689de173495f3160900269bab94c539a47fe2bbdd2db1aab98a0df8177ece857a06bea6261c5d37a704

data/History.md

@@ -1,3 +1,35 @@
+## Master
+
+* x features
+
+* x bugfixes
+
+
+## 4.3.3 and 3.12.4 / 2020-02-28
+  * Bugfixes
+    * Fix: Fixes a problem where we weren't splitting headers correctly on newlines (#2132)
+  * Security
+    * Fix: Prevent HTTP Response splitting via CR in early hints.
+
+## 4.3.2 and 3.12.3 / 2020-02-27
+
+* Security
+  * Fix: Prevent HTTP Response splitting via CR/LF in header values. CVE-2020-5247.
+
+## 4.3.1 and 3.12.2 / 2019-12-05
+
+* Security
+  * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
+
+## 3.12.1 / 2019-03-19
+
+* 1 features
+  * Internal strings are frozen (#1649)
+* 3 bugfixes
+  * Fix chunked ending check (#1607)
+  * Rack handler should use provided default host (#1700)
+  * Better support for detecting runtimes that support `fork` (#1630)
+
 ## 3.12.0 / 2018-07-13
 
 * 5 features:

data/ext/puma_http11/http11_parser.c

@@ -14,12 +14,14 @@
 
 /*
  * capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
  */
 static void snake_upcase_char(char *c)
 {
     if (*c >= 'a' && *c <= 'z')
       *c &= ~0x20;
+    else if (*c == '_')
+      *c = ',';
     else if (*c == '-')
       *c = '_';
 }

data/ext/puma_http11/http11_parser.rl

@@ -12,12 +12,14 @@
 
 /*
  * capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
  */
 static void snake_upcase_char(char *c)
 {
     if (*c >= 'a' && *c <= 'z')
       *c &= ~0x20;
+    else if (*c == '_')
+      *c = ',';
     else if (*c == '-')
       *c = '_';
 }

data/ext/puma_http11/mini_ssl.c

@@ -433,6 +433,18 @@ void Init_mini_ssl(VALUE puma) {
   mod = rb_define_module_under(puma, "MiniSSL");
   eng = rb_define_class_under(mod, "Engine", rb_cObject);
 
+  // OpenSSL Build / Runtime/Load versions
+
+  /* Version of OpenSSL that Puma was compiled with */
+	rb_define_const(mod, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
+
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
+	/* Version of OpenSSL that Puma loaded with */
+	rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
+#else
+	rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
+#endif
+
   rb_define_singleton_method(mod, "check", noop, 0);
 
   eError = rb_define_class_under(mod, "SSLError", rb_eStandardError);

data/lib/puma/binder.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'uri'
 require 'socket'
 
@@ -90,19 +92,19 @@ module Puma
         case uri.scheme
         when "tcp"
           if fd = @inherited_fds.delete(str)
-            logger.log "* Inherited #{str}"
             io = inherit_tcp_listener uri.host, uri.port, fd
+            logger.log "* Inherited #{str}"
           elsif sock = @activated_sockets.delete([ :tcp, uri.host, uri.port ])
-            logger.log "* Activated #{str}"
             io = inherit_tcp_listener uri.host, uri.port, sock
+            logger.log "* Activated #{str}"
           else
             params = Util.parse_query uri.query
 
             opt = params.key?('low_latency')
             bak = params.fetch('backlog', 1024).to_i
 
-            logger.log "* Listening on #{str}"
             io = add_tcp_listener uri.host, uri.port, opt, bak
+            logger.log "* Listening on #{str}"
           end
 
           @listeners << [str, io] if io
@@ -110,14 +112,12 @@ module Puma
           path = "#{uri.host}#{uri.path}".gsub("%20", " ")
 
           if fd = @inherited_fds.delete(str)
-            logger.log "* Inherited #{str}"
             io = inherit_unix_listener path, fd
+            logger.log "* Inherited #{str}"
           elsif sock = @activated_sockets.delete([ :unix, path ])
-            logger.log "* Activated #{str}"
             io = inherit_unix_listener path, sock
+            logger.log "* Activated #{str}"
           else
-            logger.log "* Listening on #{str}"
-
             umask = nil
             mode = nil
             backlog = 1024
@@ -139,6 +139,7 @@ module Puma
             end
 
             io = add_unix_listener path, umask, mode, backlog
+            logger.log "* Listening on #{str}"
           end
 
           @listeners << [str, io]
@@ -204,11 +205,11 @@ module Puma
             logger.log "* Inherited #{str}"
             io = inherit_ssl_listener fd, ctx
           elsif sock = @activated_sockets.delete([ :tcp, uri.host, uri.port ])
-            logger.log "* Activated #{str}"
             io = inherit_ssl_listener sock, ctx
+            logger.log "* Activated #{str}"
           else
-            logger.log "* Listening on #{str}"
             io = add_ssl_listener uri.host, uri.port, ctx
+            logger.log "* Listening on #{str}"
           end
 
           @listeners << [str, io] if io

data/lib/puma/cli.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'optparse'
 require 'uri'
 

data/lib/puma/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class IO
   # We need to use this for a jruby work around on both 1.8 and 1.9.
   # So this either creates the constant (on 1.8), or harmlessly
@@ -168,6 +170,7 @@ module Puma
           if len == 0
             @body.rewind
             rest = io.read
+            rest = rest[2..-1] if rest.start_with?("\r\n")
             @buffer = rest.empty? ? nil : rest
             @requests_served += 1
             @ready = true
@@ -241,8 +244,16 @@ module Puma
 
       te = @env[TRANSFER_ENCODING2]
 
-      if te && CHUNKED.casecmp(te) == 0
-        return setup_chunked_body(body)
+      if te
+        if te.include?(",")
+          te.split(",").each do |part|
+            if CHUNKED.casecmp(part.strip) == 0
+              return setup_chunked_body(body)
+            end
+          end
+        elsif CHUNKED.casecmp(te) == 0
+          return setup_chunked_body(body)
+        end
       end
 
       @chunked_body = false

data/lib/puma/cluster.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/runner'
 require 'puma/util'
 require 'puma/plugin'

data/lib/puma/commonlogger.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Puma
   # Rack::CommonLogger forwards every request to the given +app+, and
   # logs a line in the

data/lib/puma/configuration.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/rack/builder'
 require 'puma/plugin'
 require 'puma/const'

data/lib/puma/const.rb

@@ -1,4 +1,6 @@
 #encoding: utf-8
+# frozen_string_literal: true
+
 module Puma
   class UnsupportedOption < RuntimeError
   end
@@ -98,7 +100,7 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "3.12.0".freeze
+    PUMA_VERSION = VERSION = "3.12.6".freeze
     CODE_NAME = "Llamas in Pajamas".freeze
     PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
 
@@ -116,6 +118,13 @@ module Puma
     # sending data back
     WRITE_TIMEOUT = 10
 
+    # How many requests to attempt inline before sending a client back to
+    # the reactor to be subject to normal ordering. The idea here is that
+    # we amortize the cost of going back to the reactor for a well behaved
+    # but very "greedy" client across 10 requests. This prevents a not
+    # well behaved client from monopolizing the thread forever.
+    MAX_FAST_INLINE = 10
+
     # The original URI requested by the client.
     REQUEST_URI= 'REQUEST_URI'.freeze
     REQUEST_PATH = 'REQUEST_PATH'.freeze
@@ -219,6 +228,7 @@ module Puma
     COLON = ": ".freeze
 
     NEWLINE = "\n".freeze
+    HTTP_INJECTION_REGEX = /[\r\n]/.freeze
 
     HIJACK_P = "rack.hijack?".freeze
     HIJACK = "rack.hijack".freeze

data/lib/puma/control_cli.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 require 'optparse'
-require 'puma/state_file'
-require 'puma/const'
-require 'puma/detect'
-require 'puma/configuration'
+require_relative 'state_file'
+require_relative 'const'
+require_relative 'detect'
+require_relative 'configuration'
 require 'uri'
 require 'socket'
 
@@ -129,7 +131,7 @@ module Puma
       uri = URI.parse @control_url
 
       # create server object by scheme
-      @server = case uri.scheme
+      server = case uri.scheme
                 when "tcp"
                   TCPSocket.new uri.host, uri.port
                 when "unix"
@@ -147,9 +149,9 @@ module Puma
           url = url + "?token=#{@control_auth_token}"
         end
 
-        @server << "GET #{url} HTTP/1.0\r\n\r\n"
+        server << "GET #{url} HTTP/1.0\r\n\r\n"
 
-        unless data = @server.read
+        unless data = server.read
           raise "Server closed connection before responding"
         end
 
@@ -172,8 +174,8 @@ module Puma
         message "Command #{@command} sent success"
         message response.last if @command == "stats" || @command == "gc-stats"
       end
-
-      @server.close
+    ensure
+      server.close if server && !server.closed?
     end
 
     def send_signal

data/lib/puma/convenient.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/launcher'
 require 'puma/configuration'
 

data/lib/puma/daemon_ext.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Process
 
   # This overrides the default version because it is broken if it

data/lib/puma/delegation.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Puma
   module Delegation
     def forward(what, who)

data/lib/puma/detect.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Puma
   IS_JRUBY = defined?(JRUBY_VERSION)
 

data/lib/puma/dsl.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Puma
   # The methods that are available for use inside the config file.
   # These same methods are used in Puma cli and the rack handler
@@ -55,6 +57,14 @@ module Puma
       @plugins.clear
     end
 
+    def set_default_host(host)
+      @options[:default_host] = host
+    end
+
+    def default_host
+      @options[:default_host] || Configuration::DefaultTCPHost
+    end
+
     def inject(&blk)
       instance_eval(&blk)
     end
@@ -138,7 +148,7 @@ module Puma
     # Define the TCP port to bind to. Use +bind+ for more advanced options.
     #
     def port(port, host=nil)
-      host ||= Configuration::DefaultTCPHost
+      host ||= default_host
       bind "tcp://#{host}:#{port}"
     end
 
@@ -493,7 +503,7 @@ module Puma
       when Hash
         if hdr = val[:header]
           @options[:remote_address] = :header
-          @options[:remote_address_header] = "HTTP_" + hdr.upcase.gsub("-", "_")
+          @options[:remote_address_header] = "HTTP_" + hdr.upcase.tr("-", "_")
         else
           raise "Invalid value for set_remote_address - #{val.inspect}"
         end

data/lib/puma/events.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/const'
 require "puma/null_io"
 require 'stringio'

data/lib/puma/io_buffer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/detect'
 
 if Puma.jruby?

data/lib/puma/java_io_buffer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'java'
 
 # Conservative native JRuby/Java implementation of IOBuffer

data/lib/puma/jruby_restart.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'ffi'
 
 module Puma

data/lib/puma/launcher.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/events'
 require 'puma/detect'
 
@@ -63,8 +65,8 @@ module Puma
 
       generate_restart_data
 
-      if clustered? && (Puma.jruby? || Puma.windows?)
-        unsupported 'worker mode not supported on JRuby or Windows'
+      if clustered? && !Process.respond_to?(:fork)
+        unsupported "worker mode not supported on #{RUBY_ENGINE} on this platform"
       end
 
       if @options[:daemon] && Puma.windows?

data/lib/puma/minissl.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 begin
   require 'io/wait'
   rescue LoadError

data/lib/puma/null_io.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Puma
   # Provides an IO-like object that always appears to contain no data.
   # Used as the value for rack.input when the request has no body.

data/lib/puma/plugin.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Puma
   class UnknownPlugin < RuntimeError; end
 

data/lib/puma/rack/builder.rb

@@ -110,7 +110,8 @@ module Puma::Rack
 
           has_options = false
           server.valid_options.each do |name, description|
-            next if name.to_s.match(/^(Host|Port)[^a-zA-Z]/) # ignore handler's host and port options, we do our own.
+            next if name.to_s =~ /^(Host|Port)[^a-zA-Z]/ # ignore handler's host and port options, we do our own.
+
             info << "  -O %-21s %s" % [name, description]
             has_options = true
           end

data/lib/puma/reactor.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/util'
 require 'puma/minissl'
 

data/lib/puma/runner.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/server'
 require 'puma/const'
 

data/lib/puma/server.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'stringio'
 
 require 'puma/thread_pool'
@@ -468,6 +470,8 @@ module Puma
         clean_thread_locals = @options[:clean_thread_locals]
         close_socket = true
 
+        requests = 0
+
         while true
           case handle_request(client, buffer)
           when false
@@ -481,7 +485,19 @@ module Puma
 
             ThreadPool.clean_thread_locals if clean_thread_locals
 
-            unless client.reset(@status == :run)
+            requests += 1
+
+            check_for_more_data = @status == :run
+
+            if requests >= MAX_FAST_INLINE
+              # This will mean that reset will only try to use the data it already
+              # has buffered and won't try to read more data. What this means is that
+              # every client, independent of their request speed, gets treated like a slow
+              # one once every MAX_FAST_INLINE requests.
+              check_for_more_data = false
+            end
+
+            unless client.reset(check_for_more_data)
               close_socket = false
               client.set_timeout @persistent_timeout
               @reactor.add client
@@ -637,6 +653,7 @@ module Puma
           headers.each_pair do |k, vs|
             if vs.respond_to?(:to_s) && !vs.to_s.empty?
               vs.to_s.split(NEWLINE).each do |v|
+                next if possible_header_injection?(v)
                 fast_write client, "#{k}: #{v}\r\n"
               end
             else
@@ -648,6 +665,37 @@ module Puma
         }
       end
 
+      # Fixup any headers with , in the name to have _ now. We emit
+      # headers with , in them during the parse phase to avoid ambiguity
+      # with the - to _ conversion for critical headers. But here for
+      # compatibility, we'll convert them back. This code is written to
+      # avoid allocation in the common case (ie there are no headers
+      # with , in their names), that's why it has the extra conditionals.
+
+      to_delete = nil
+      to_add = nil
+
+      env.each do |k,v|
+        if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING"
+          if to_delete
+            to_delete << k
+          else
+            to_delete = [k]
+          end
+
+          unless to_add
+            to_add = {}
+          end
+
+          to_add[k.gsub(",", "_")] = v
+        end
+      end
+
+      if to_delete
+        to_delete.each { |k| env.delete(k) }
+        env.merge! to_add
+      end
+
       # A rack extension. If the app writes #call'ables to this
       # array, we will invoke them when the request is done.
       #
@@ -735,6 +783,7 @@ module Puma
         headers.each do |k, vs|
           case k.downcase
           when CONTENT_LENGTH2
+            next if possible_header_injection?(vs)
             content_length = vs
             next
           when TRANSFER_ENCODING
@@ -747,6 +796,7 @@ module Puma
 
           if vs.respond_to?(:to_s) && !vs.to_s.empty?
             vs.to_s.split(NEWLINE).each do |v|
+              next if possible_header_injection?(v)
               lines.append k, colon, v, line_ending
             end
           else
@@ -1013,5 +1063,10 @@ module Puma
     def shutting_down?
       @status == :stop || @status == :restart
     end
+
+    def possible_header_injection?(header_value)
+      HTTP_INJECTION_REGEX =~ header_value.to_s
+    end
+    private :possible_header_injection?
   end
 end

data/lib/puma/single.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puma/runner'
 require 'puma/detect'
 require 'puma/plugin'

data/lib/puma/state_file.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'yaml'
 
 module Puma

data/lib/puma/tcp_logger.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Puma
   class TCPLogger
     def initialize(logger, app, quiet=false)

data/lib/puma/thread_pool.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'thread'
 
 module Puma

data/lib/puma/util.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 major, minor, patch = RUBY_VERSION.split('.').map { |v| v.to_i }
 
 if major == 1 && minor == 9 && patch == 3 && RUBY_PATCHLEVEL < 125

data/lib/rack/handler/puma.rb

@@ -49,6 +49,9 @@ module Rack
             self.set_host_port_to_config(host, port, user_config)
           end
 
+          if default_options[:Host]
+            file_config.set_default_host(default_options[:Host])
+          end
           self.set_host_port_to_config(default_options[:Host], default_options[:Port], default_config)
 
           user_config.app app

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puma
 version: !ruby/object:Gem::Version
-  version: 3.12.0
+  version: 3.12.6
 platform: ruby
 authors:
 - Evan Phoenix
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-13 00:00:00.000000000 Z
+date: 2020-05-19 00:00:00.000000000 Z
 dependencies: []
 description: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server
   for Ruby/Rack applications. Puma is intended for use in both development and production
@@ -123,8 +123,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for