puma 5.6.7 → 5.6.8
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puma might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/History.md +6 -1
- data/lib/puma/client.rb +27 -0
- data/lib/puma/const.rb +1 -1
- data/lib/puma/null_io.rb +0 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cc34dc2b7094b86d3eec5100455de02cdcfb14a2e382059565e06e512d5c40ac
|
4
|
+
data.tar.gz: 10080424606d3a4613f1b27b33199a048711da57e4b45a55f7e997346c64c419
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 18da16eff3311151ff29f868f07762d509541b1302dd6ff80bf323bb6fdd73da9d8bc32983a37b71e439faf4753e8110bdafb8f444df205b62f742376c980147
|
7
|
+
data.tar.gz: 89968813be0e066fc4de68dc439827d621d2d1803c58c64ee2df78f4d9baa4785fc7865d655990564ff52d9cd64ebc8d9dbc4be048334e0f8db954d83efaeef1
|
data/History.md
CHANGED
@@ -1,6 +1,11 @@
|
|
1
|
+
## 5.6.8 / 2023-01-08
|
2
|
+
|
3
|
+
* Security
|
4
|
+
* Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. ([GHSA-c2f4-cvqm-65w2](https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2))
|
5
|
+
|
1
6
|
## 5.6.7 / 2023-08-18
|
2
7
|
|
3
|
-
* Security
|
8
|
+
* Security
|
4
9
|
* Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
|
5
10
|
|
6
11
|
## 5.6.6 / 2023-06-21
|
data/lib/puma/client.rb
CHANGED
@@ -48,6 +48,14 @@ module Puma
|
|
48
48
|
CHUNK_VALID_ENDING = Const::LINE_END
|
49
49
|
CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize
|
50
50
|
|
51
|
+
# The maximum number of bytes we'll buffer looking for a valid
|
52
|
+
# chunk header.
|
53
|
+
MAX_CHUNK_HEADER_SIZE = 4096
|
54
|
+
|
55
|
+
# The maximum amount of excess data the client sends
|
56
|
+
# using chunk size extensions before we abort the connection.
|
57
|
+
MAX_CHUNK_EXCESS = 16 * 1024
|
58
|
+
|
51
59
|
# Content-Length header value validation
|
52
60
|
CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
|
53
61
|
|
@@ -460,6 +468,7 @@ module Puma
|
|
460
468
|
@chunked_body = true
|
461
469
|
@partial_part_left = 0
|
462
470
|
@prev_chunk = ""
|
471
|
+
@excess_cr = 0
|
463
472
|
|
464
473
|
@body = Tempfile.new(Const::PUMA_TMP_BASE)
|
465
474
|
@body.unlink
|
@@ -541,6 +550,20 @@ module Puma
|
|
541
550
|
end
|
542
551
|
end
|
543
552
|
|
553
|
+
# Track the excess as a function of the size of the
|
554
|
+
# header vs the size of the actual data. Excess can
|
555
|
+
# go negative (and is expected to) when the body is
|
556
|
+
# significant.
|
557
|
+
# The additional of chunk_hex.size and 2 compensates
|
558
|
+
# for a client sending 1 byte in a chunked body over
|
559
|
+
# a long period of time, making sure that that client
|
560
|
+
# isn't accidentally eventually punished.
|
561
|
+
@excess_cr += (line.size - len - chunk_hex.size - 2)
|
562
|
+
|
563
|
+
if @excess_cr >= MAX_CHUNK_EXCESS
|
564
|
+
raise HttpParserError, "Maximum chunk excess detected"
|
565
|
+
end
|
566
|
+
|
544
567
|
len += 2
|
545
568
|
|
546
569
|
part = io.read(len)
|
@@ -568,6 +591,10 @@ module Puma
|
|
568
591
|
@partial_part_left = len - part.size
|
569
592
|
end
|
570
593
|
else
|
594
|
+
if @prev_chunk.size + chunk.size >= MAX_CHUNK_HEADER_SIZE
|
595
|
+
raise HttpParserError, "maximum size of chunk header exceeded"
|
596
|
+
end
|
597
|
+
|
571
598
|
@prev_chunk = line
|
572
599
|
return false
|
573
600
|
end
|
data/lib/puma/const.rb
CHANGED
@@ -100,7 +100,7 @@ module Puma
|
|
100
100
|
# too taxing on performance.
|
101
101
|
module Const
|
102
102
|
|
103
|
-
PUMA_VERSION = VERSION = "5.6.
|
103
|
+
PUMA_VERSION = VERSION = "5.6.8".freeze
|
104
104
|
CODE_NAME = "Birdie's Version".freeze
|
105
105
|
|
106
106
|
PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
|
data/lib/puma/null_io.rb
CHANGED
File without changes
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puma
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.6.
|
4
|
+
version: 5.6.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Evan Phoenix
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nio4r
|
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
141
|
- !ruby/object:Gem::Version
|
142
142
|
version: '0'
|
143
143
|
requirements: []
|
144
|
-
rubygems_version: 3.
|
144
|
+
rubygems_version: 3.5.3
|
145
145
|
signing_key:
|
146
146
|
specification_version: 4
|
147
147
|
summary: Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for
|