puma 5.6.6 → 5.6.7
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puma might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/History.md +5 -0
- data/lib/puma/client.rb +15 -8
- data/lib/puma/const.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1f1995d9f43f5297e945ba772d6fa72f814ef2878a6c819ab16774cfab9cf73e
|
|
4
|
+
data.tar.gz: f19f67fa86baadcfd6597212ccf50ca1c8dd7879d9920a7a7cf19839a0c4ede4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 335b387a7b47b246c3970cbd98556053627e2ef16b00d738a26ac8b67db8847f43b96ebfaddc695ea101a8c9aa9b8189e97b728aaf2596f74e4bbd32d30476f4
|
|
7
|
+
data.tar.gz: 02e6d936b3118718c2e9023b8ac512c82ddfed052ccdae9a64965a9d994589ff8f98cdcdad15e6b5c01bbc0bd0cc3ddf203afdb1c7be3ec9c81c26ee2e9479a2
|
data/History.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
## 5.6.7 / 2023-08-18
|
|
2
|
+
|
|
3
|
+
* Security
|
|
4
|
+
* Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
|
|
5
|
+
|
|
1
6
|
## 5.6.6 / 2023-06-21
|
|
2
7
|
|
|
3
8
|
* Bugfix
|
data/lib/puma/client.rb
CHANGED
|
@@ -45,7 +45,8 @@ module Puma
|
|
|
45
45
|
|
|
46
46
|
# chunked body validation
|
|
47
47
|
CHUNK_SIZE_INVALID = /[^\h]/.freeze
|
|
48
|
-
CHUNK_VALID_ENDING =
|
|
48
|
+
CHUNK_VALID_ENDING = Const::LINE_END
|
|
49
|
+
CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize
|
|
49
50
|
|
|
50
51
|
# Content-Length header value validation
|
|
51
52
|
CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
|
|
@@ -347,8 +348,8 @@ module Puma
|
|
|
347
348
|
cl = @env[CONTENT_LENGTH]
|
|
348
349
|
|
|
349
350
|
if cl
|
|
350
|
-
# cannot contain characters that are not \d
|
|
351
|
-
if cl =~ CONTENT_LENGTH_VALUE_INVALID
|
|
351
|
+
# cannot contain characters that are not \d, or be empty
|
|
352
|
+
if cl =~ CONTENT_LENGTH_VALUE_INVALID || cl.empty?
|
|
352
353
|
raise HttpParserError, "Invalid Content-Length: #{cl.inspect}"
|
|
353
354
|
end
|
|
354
355
|
else
|
|
@@ -509,7 +510,7 @@ module Puma
|
|
|
509
510
|
|
|
510
511
|
while !io.eof?
|
|
511
512
|
line = io.gets
|
|
512
|
-
if line.end_with?(
|
|
513
|
+
if line.end_with?(CHUNK_VALID_ENDING)
|
|
513
514
|
# Puma doesn't process chunk extensions, but should parse if they're
|
|
514
515
|
# present, which is the reason for the semicolon regex
|
|
515
516
|
chunk_hex = line.strip[/\A[^;]+/]
|
|
@@ -521,13 +522,19 @@ module Puma
|
|
|
521
522
|
@in_last_chunk = true
|
|
522
523
|
@body.rewind
|
|
523
524
|
rest = io.read
|
|
524
|
-
|
|
525
|
-
if rest.bytesize < last_crlf_size
|
|
525
|
+
if rest.bytesize < CHUNK_VALID_ENDING_SIZE
|
|
526
526
|
@buffer = nil
|
|
527
|
-
@partial_part_left =
|
|
527
|
+
@partial_part_left = CHUNK_VALID_ENDING_SIZE - rest.bytesize
|
|
528
528
|
return false
|
|
529
529
|
else
|
|
530
|
-
|
|
530
|
+
# if the next character is a CRLF, set buffer to everything after that CRLF
|
|
531
|
+
start_of_rest = if rest.start_with?(CHUNK_VALID_ENDING)
|
|
532
|
+
CHUNK_VALID_ENDING_SIZE
|
|
533
|
+
else # we have started a trailer section, which we do not support. skip it!
|
|
534
|
+
rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2
|
|
535
|
+
end
|
|
536
|
+
|
|
537
|
+
@buffer = rest[start_of_rest..-1]
|
|
531
538
|
@buffer = nil if @buffer.empty?
|
|
532
539
|
set_ready
|
|
533
540
|
return true
|
data/lib/puma/const.rb
CHANGED
|
@@ -100,7 +100,7 @@ module Puma
|
|
|
100
100
|
# too taxing on performance.
|
|
101
101
|
module Const
|
|
102
102
|
|
|
103
|
-
PUMA_VERSION = VERSION = "5.6.
|
|
103
|
+
PUMA_VERSION = VERSION = "5.6.7".freeze
|
|
104
104
|
CODE_NAME = "Birdie's Version".freeze
|
|
105
105
|
|
|
106
106
|
PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
|