puma 6.3.0 → 6.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/History.md +5 -0
- data/lib/puma/client.rb +15 -8
- data/lib/puma/const.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dcbde9283993550beb848a4f777bf9d33a1e163f5356cfeeb40be3eede72e7d0
|
|
4
|
+
data.tar.gz: 5394fdd8307e5a1fd40c7cf560d01565a6a9d69fd0fa0006ff6b28e483e627aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 473b3047986b69763e01fb3b3f7fc1137070cb041ae235e520216e568860295a3b0ed105e4c52ee1d3aa05353d1b247e0782a1aa7bde840a540200f21d84320b
|
|
7
|
+
data.tar.gz: 69e625526fcc0b7216a419326e172114ed0ba4c7842722c1f896ed4d2fd559e4b58ea31f95a7ca52d37f11b5930433cfa6faab3f510996a39b1de3d3ff46d2a7
|
data/History.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
## 6.3.1 / 2023-08-18
|
|
2
|
+
|
|
3
|
+
* Security
|
|
4
|
+
* Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
|
|
5
|
+
|
|
1
6
|
## 6.3.0 / 2023-05-31
|
|
2
7
|
|
|
3
8
|
* Features
|
data/lib/puma/client.rb
CHANGED
|
@@ -49,7 +49,8 @@ module Puma
|
|
|
49
49
|
|
|
50
50
|
# chunked body validation
|
|
51
51
|
CHUNK_SIZE_INVALID = /[^\h]/.freeze
|
|
52
|
-
CHUNK_VALID_ENDING =
|
|
52
|
+
CHUNK_VALID_ENDING = Const::LINE_END
|
|
53
|
+
CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize
|
|
53
54
|
|
|
54
55
|
# Content-Length header value validation
|
|
55
56
|
CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
|
|
@@ -382,8 +383,8 @@ module Puma
|
|
|
382
383
|
cl = @env[CONTENT_LENGTH]
|
|
383
384
|
|
|
384
385
|
if cl
|
|
385
|
-
# cannot contain characters that are not \d
|
|
386
|
-
if CONTENT_LENGTH_VALUE_INVALID.match? cl
|
|
386
|
+
# cannot contain characters that are not \d, or be empty
|
|
387
|
+
if CONTENT_LENGTH_VALUE_INVALID.match?(cl) || cl.empty?
|
|
387
388
|
raise HttpParserError, "Invalid Content-Length: #{cl.inspect}"
|
|
388
389
|
end
|
|
389
390
|
else
|
|
@@ -544,7 +545,7 @@ module Puma
|
|
|
544
545
|
|
|
545
546
|
while !io.eof?
|
|
546
547
|
line = io.gets
|
|
547
|
-
if line.end_with?(
|
|
548
|
+
if line.end_with?(CHUNK_VALID_ENDING)
|
|
548
549
|
# Puma doesn't process chunk extensions, but should parse if they're
|
|
549
550
|
# present, which is the reason for the semicolon regex
|
|
550
551
|
chunk_hex = line.strip[/\A[^;]+/]
|
|
@@ -556,13 +557,19 @@ module Puma
|
|
|
556
557
|
@in_last_chunk = true
|
|
557
558
|
@body.rewind
|
|
558
559
|
rest = io.read
|
|
559
|
-
|
|
560
|
-
if rest.bytesize < last_crlf_size
|
|
560
|
+
if rest.bytesize < CHUNK_VALID_ENDING_SIZE
|
|
561
561
|
@buffer = nil
|
|
562
|
-
@partial_part_left =
|
|
562
|
+
@partial_part_left = CHUNK_VALID_ENDING_SIZE - rest.bytesize
|
|
563
563
|
return false
|
|
564
564
|
else
|
|
565
|
-
|
|
565
|
+
# if the next character is a CRLF, set buffer to everything after that CRLF
|
|
566
|
+
start_of_rest = if rest.start_with?(CHUNK_VALID_ENDING)
|
|
567
|
+
CHUNK_VALID_ENDING_SIZE
|
|
568
|
+
else # we have started a trailer section, which we do not support. skip it!
|
|
569
|
+
rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2
|
|
570
|
+
end
|
|
571
|
+
|
|
572
|
+
@buffer = rest[start_of_rest..-1]
|
|
566
573
|
@buffer = nil if @buffer.empty?
|
|
567
574
|
set_ready
|
|
568
575
|
return true
|
data/lib/puma/const.rb
CHANGED
|
@@ -100,7 +100,7 @@ module Puma
|
|
|
100
100
|
# too taxing on performance.
|
|
101
101
|
module Const
|
|
102
102
|
|
|
103
|
-
PUMA_VERSION = VERSION = "6.3.
|
|
103
|
+
PUMA_VERSION = VERSION = "6.3.1"
|
|
104
104
|
CODE_NAME = "Mugi No Toki Itaru"
|
|
105
105
|
|
|
106
106
|
PUMA_SERVER_STRING = ["puma", PUMA_VERSION, CODE_NAME].join(" ").freeze
|