puma 4.1.1 → 4.3.6

data/lib/puma/minissl/context_builder.rb

@@ -0,0 +1,76 @@
+module Puma
+  module MiniSSL
+    class ContextBuilder
+      def initialize(params, events)
+        require 'puma/minissl'
+        MiniSSL.check
+
+        @params = params
+        @events = events
+      end
+
+      def context
+        ctx = MiniSSL::Context.new
+
+        if defined?(JRUBY_VERSION)
+          unless params['keystore']
+            events.error "Please specify the Java keystore via 'keystore='"
+          end
+
+          ctx.keystore = params['keystore']
+
+          unless params['keystore-pass']
+            events.error "Please specify the Java keystore password  via 'keystore-pass='"
+          end
+
+          ctx.keystore_pass = params['keystore-pass']
+          ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
+        else
+          unless params['key']
+            events.error "Please specify the SSL key via 'key='"
+          end
+
+          ctx.key = params['key']
+
+          unless params['cert']
+            events.error "Please specify the SSL cert via 'cert='"
+          end
+
+          ctx.cert = params['cert']
+
+          if ['peer', 'force_peer'].include?(params['verify_mode'])
+            unless params['ca']
+              events.error "Please specify the SSL ca via 'ca='"
+            end
+          end
+
+          ctx.ca = params['ca'] if params['ca']
+          ctx.ssl_cipher_filter = params['ssl_cipher_filter'] if params['ssl_cipher_filter']
+        end
+
+        ctx.no_tlsv1 = true if params['no_tlsv1'] == 'true'
+        ctx.no_tlsv1_1 = true if params['no_tlsv1_1'] == 'true'
+
+        if params['verify_mode']
+          ctx.verify_mode = case params['verify_mode']
+                            when "peer"
+                              MiniSSL::VERIFY_PEER
+                            when "force_peer"
+                              MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+                            when "none"
+                              MiniSSL::VERIFY_NONE
+                            else
+                              events.error "Please specify a valid verify_mode="
+                              MiniSSL::VERIFY_NONE
+                            end
+        end
+
+        ctx
+      end
+
+      private
+
+      attr_reader :params, :events
+    end
+  end
+end

data/lib/puma/plugin.rb

@@ -62,8 +62,11 @@ module Puma
     end
 
     def fire_background
-      @background.each do |b|
-        Thread.new(&b)
+      @background.each_with_index do |b, i|
+        Thread.new do
+          Puma.set_thread_name "plugin background #{i}"
+          b.call
+        end
       end
     end
   end

data/lib/puma/reactor.rb

@@ -225,7 +225,7 @@ module Puma
               # will be flooding them with errors when persistent connections
               # are closed.
               rescue ConnectionError
-                c.write_500
+                c.write_error(500)
                 c.close
 
                 clear_monitor mon
@@ -237,7 +237,8 @@ module Puma
                 ssl_socket = c.io
                 begin
                   addr = ssl_socket.peeraddr.last
-                rescue IOError
+                # EINVAL can happen when browser closes socket w/security exception
+                rescue IOError, Errno::EINVAL
                   addr = "<unknown>"
                 end
 
@@ -252,7 +253,7 @@ module Puma
               rescue HttpParserError => e
                 @server.lowlevel_error(e, c.env)
 
-                c.write_400
+                c.write_error(400)
                 c.close
 
                 clear_monitor mon
@@ -261,7 +262,7 @@ module Puma
               rescue StandardError => e
                 @server.lowlevel_error(e, c.env)
 
-                c.write_500
+                c.write_error(500)
                 c.close
 
                 clear_monitor mon
@@ -277,7 +278,7 @@ module Puma
             while @timeouts.first.value.timeout_at < now
               mon = @timeouts.shift
               c = mon.value
-              c.write_408 if c.in_data_phase
+              c.write_error(408) if c.in_data_phase
               c.close
 
               clear_monitor mon
@@ -307,6 +308,7 @@ module Puma
 
     def run_in_thread
       @thread = Thread.new do
+        Puma.set_thread_name "reactor"
         begin
           run_internal
         rescue StandardError => e

data/lib/puma/runner.rb

@@ -2,6 +2,7 @@
 
 require 'puma/server'
 require 'puma/const'
+require 'puma/minissl/context_builder'
 
 module Puma
   # Generic class that is used by `Puma::Cluster` and `Puma::Single` to
@@ -53,17 +54,23 @@ module Puma
 
       uri = URI.parse str
 
-      app = Puma::App::Status.new @launcher
-
       if token = @options[:control_auth_token]
-        app.auth_token = token unless token.empty? || token == 'none'
+        token = nil if token.empty? || token == 'none'
       end
 
+      app = Puma::App::Status.new @launcher, token
+
       control = Puma::Server.new app, @launcher.events
       control.min_threads = 0
       control.max_threads = 1
 
       case uri.scheme
+      when "ssl"
+          log "* Starting control server on #{str}"
+          params = Util.parse_query uri.query
+          ctx = MiniSSL::ContextBuilder.new(params, @events).context
+
+          control.add_ssl_listener uri.host, uri.port, ctx
       when "tcp"
         log "* Starting control server on #{str}"
         control.add_tcp_listener uri.host, uri.port

data/lib/puma/server.rb

@@ -9,13 +9,13 @@ require 'puma/null_io'
 require 'puma/reactor'
 require 'puma/client'
 require 'puma/binder'
-require 'puma/delegation'
 require 'puma/accept_nonblock'
 require 'puma/util'
 
 require 'puma/puma_http11'
 
 require 'socket'
+require 'forwardable'
 
 module Puma
 
@@ -32,7 +32,7 @@ module Puma
   class Server
 
     include Puma::Const
-    extend  Puma::Delegation
+    extend Forwardable
 
     attr_reader :thread
     attr_reader :events
@@ -89,10 +89,7 @@ module Puma
 
     attr_accessor :binder, :leak_stack_on_error, :early_hints
 
-    forward :add_tcp_listener,  :@binder
-    forward :add_ssl_listener,  :@binder
-    forward :add_unix_listener, :@binder
-    forward :connected_port,    :@binder
+    def_delegators :@binder, :add_tcp_listener, :add_ssl_listener, :add_unix_listener, :connected_port
 
     def inherit_binder(bind)
       @binder = bind
@@ -207,7 +204,10 @@ module Puma
       @events.fire :state, :running
 
       if background
-        @thread = Thread.new { handle_servers_lopez_mode }
+        @thread = Thread.new do
+          Puma.set_thread_name "server"
+          handle_servers_lopez_mode
+        end
         return @thread
       else
         handle_servers_lopez_mode
@@ -317,7 +317,7 @@ module Puma
 
           @events.ssl_error self, addr, cert, e
         rescue HttpParserError => e
-          client.write_400
+          client.write_error(400)
           client.close
 
           @events.parse_error self, client.env, e
@@ -351,7 +351,10 @@ module Puma
       @events.fire :state, :running
 
       if background
-        @thread = Thread.new { handle_servers }
+        @thread = Thread.new do
+          Puma.set_thread_name "server"
+          handle_servers
+        end
         return @thread
       else
         handle_servers
@@ -463,6 +466,8 @@ module Puma
         clean_thread_locals = @options[:clean_thread_locals]
         close_socket = true
 
+        requests = 0
+
         while true
           case handle_request(client, buffer)
           when false
@@ -476,7 +481,19 @@ module Puma
 
             ThreadPool.clean_thread_locals if clean_thread_locals
 
-            unless client.reset(@status == :run)
+            requests += 1
+
+            check_for_more_data = @status == :run
+
+            if requests >= MAX_FAST_INLINE
+              # This will mean that reset will only try to use the data it already
+              # has buffered and won't try to read more data. What this means is that
+              # every client, independent of their request speed, gets treated like a slow
+              # one once every MAX_FAST_INLINE requests.
+              check_for_more_data = false
+            end
+
+            unless client.reset(check_for_more_data)
               close_socket = false
               client.set_timeout @persistent_timeout
               @reactor.add client
@@ -505,7 +522,7 @@ module Puma
       rescue HttpParserError => e
         lowlevel_error(e, client.env)
 
-        client.write_400
+        client.write_error(400)
 
         @events.parse_error self, client.env, e
 
@@ -513,7 +530,7 @@ module Puma
       rescue StandardError => e
         lowlevel_error(e, client.env)
 
-        client.write_500
+        client.write_error(500)
 
         @events.unknown_error self, e, "Read"
 
@@ -640,6 +657,7 @@ module Puma
             headers.each_pair do |k, vs|
               if vs.respond_to?(:to_s) && !vs.to_s.empty?
                 vs.to_s.split(NEWLINE).each do |v|
+                  next if possible_header_injection?(v)
                   fast_write client, "#{k}: #{v}\r\n"
                 end
               else
@@ -654,6 +672,37 @@ module Puma
         }
       end
 
+      # Fixup any headers with , in the name to have _ now. We emit
+      # headers with , in them during the parse phase to avoid ambiguity
+      # with the - to _ conversion for critical headers. But here for
+      # compatibility, we'll convert them back. This code is written to
+      # avoid allocation in the common case (ie there are no headers
+      # with , in their names), that's why it has the extra conditionals.
+
+      to_delete = nil
+      to_add = nil
+
+      env.each do |k,v|
+        if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING"
+          if to_delete
+            to_delete << k
+          else
+            to_delete = [k]
+          end
+
+          unless to_add
+            to_add = {}
+          end
+
+          to_add[k.gsub(",", "_")] = v
+        end
+      end
+
+      if to_delete
+        to_delete.each { |k| env.delete(k) }
+        env.merge! to_add
+      end
+
       # A rack extension. If the app writes #call'ables to this
       # array, we will invoke them when the request is done.
       #
@@ -741,6 +790,7 @@ module Puma
         headers.each do |k, vs|
           case k.downcase
           when CONTENT_LENGTH2
+            next if possible_header_injection?(vs)
             content_length = vs
             next
           when TRANSFER_ENCODING
@@ -753,6 +803,7 @@ module Puma
 
           if vs.respond_to?(:to_s) && !vs.to_s.empty?
             vs.to_s.split(NEWLINE).each do |v|
+              next if possible_header_injection?(v)
               lines.append k, colon, v, line_ending
             end
           else
@@ -1023,5 +1074,10 @@ module Puma
     def shutting_down?
       @status == :stop || @status == :restart
     end
+
+    def possible_header_injection?(header_value)
+      HTTP_INJECTION_REGEX =~ header_value.to_s
+    end
+    private :possible_header_injection?
   end
 end

data/lib/puma/thread_pool.rb

@@ -87,8 +87,7 @@ module Puma
       @spawned += 1
 
       th = Thread.new(@spawned) do |spawned|
-        # Thread name is new in Ruby 2.3
-        Thread.current.name = 'puma %03i' % spawned if Thread.current.respond_to?(:name=)
+        Puma.set_thread_name 'threadpool %03i' % spawned
         todo  = @todo
         block = @block
         mutex = @mutex
@@ -190,7 +189,7 @@ module Puma
     # request, it might not be added to the `@todo` array right away.
     # For example if a slow client has only sent a header, but not a body
     # then the `@todo` array would stay the same size as the reactor works
-    # to try to buffer the request. In tha scenario the next call to this
+    # to try to buffer the request. In that scenario the next call to this
     # method would not block and another request would be added into the reactor
     # by the server. This would continue until a fully bufferend request
     # makes it through the reactor and can then be processed by the thread pool.
@@ -244,10 +243,12 @@ module Puma
       end
     end
 
-    class AutoTrim
-      def initialize(pool, timeout)
+    class Automaton
+      def initialize(pool, timeout, thread_name, message)
         @pool = pool
         @timeout = timeout
+        @thread_name = thread_name
+        @message = message
         @running = false
       end
 
@@ -255,8 +256,9 @@ module Puma
         @running = true
 
         @thread = Thread.new do
+          Puma.set_thread_name @thread_name
           while @running
-            @pool.trim
+            @pool.public_send(@message)
             sleep @timeout
           end
         end
@@ -269,36 +271,12 @@ module Puma
     end
 
     def auto_trim!(timeout=30)
-      @auto_trim = AutoTrim.new(self, timeout)
+      @auto_trim = Automaton.new(self, timeout, "threadpool trimmer", :trim)
       @auto_trim.start!
     end
 
-    class Reaper
-      def initialize(pool, timeout)
-        @pool = pool
-        @timeout = timeout
-        @running = false
-      end
-
-      def start!
-        @running = true
-
-        @thread = Thread.new do
-          while @running
-            @pool.reap
-            sleep @timeout
-          end
-        end
-      end
-
-      def stop
-        @running = false
-        @thread.wakeup
-      end
-    end
-
     def auto_reap!(timeout=5)
-      @reaper = Reaper.new(self, timeout)
+      @reaper = Automaton.new(self, timeout, "threadpool reaper", :reap)
       @reaper.start!
     end
 

data/lib/rack/handler/puma.rb

@@ -61,8 +61,6 @@ module Rack
         conf
       end
 
-
-
       def self.run(app, options = {})
         conf   = self.config(app, options)