rack 1.3.7 → 1.3.8
- data/README.rdoc +6 -0
- data/lib/rack/multipart/parser.rb +10 -3
- data/rack.gemspec +1 -1
- data/test/spec_multipart.rb +53 -0
- metadata +4 -4
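--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -473,6 +473,12 @@ run on port 11211) and memcache-client installed.
 * Rack::BodyProxy now explicitly defines #each, useful for C extensions
 * Cookies that are not URI escaped no longer cause exceptions
 
+* January 7th, 2013: Thirtieth public release 1.3.8
+* Security: Prevent unbounded reads in large multipart boundaries
+
+* January 7th, 2013: Thirty first public release 1.4.3
+* Security: Prevent unbounded reads in large multipart boundaries
+
 == Contact
 
 Please post bugs, suggestions and patches to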
@@ -78,9 +78,16 @@ module Rack
|
|
78
78
|
|
79
79
|
def fast_forward_to_first_boundary
|
80
80
|
loop do
|
81
|
-
|
82
|
-
|
83
|
-
|
81
|
+
content = @io.read(BUFSIZE)
|
82
|
+
raise EOFError, "bad content body" unless content
|
83
|
+
@buf << content
|
84
|
+
|
85
|
+
while @buf.gsub!(/\A([^\n]*\n)/, '')
|
86
|
+
read_buffer = $1
|
87
|
+
return if read_buffer == full_boundary
|
88
|
+
end
|
89
|
+
|
90
|
+
raise EOFError, "bad content body" if Utils.bytesize(@buf) >= BUFSIZE
|
84
91
|
end
|
85
92
|
end
|
86
93
|
|
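Review bot: The bound that makes this a security fix is implicit in `fast_forward_to_first_boundary` — a reader has to derive from the `while` loop and the `Utils.bytesize(@buf) >= BUFSIZE` line that any single line before the first boundary longer than BUFSIZE is rejected instead of being buffered without limit; a comment above that raise, `# reject a pre-boundary line longer than BUFSIZE rather than buffering it without bound`, would state the invariant the fix relies on. The `read_buffer = $1` line depends on the `gsub!` in the `while` condition having set the match globals on the iteration that just ran; `read_buffer = Regexp.last_match(1)` makes that dependency explicit and avoids the cryptic global. The method itself lies entirely within the hunk; only the enclosing module is cut off.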
data/rack.gemspec
CHANGED
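--- a/data/test/spec_multipart.rb
+++ b/data/test/spec_multipart.rb
@@ -48,6 +48,59 @@ describe Rack::Multipart do
 params['profile']['bio'].should.include 'hello'
 end
 
+should "reject insanely long boundaries" do
+# using a pipe since a tempfile can use up too much space
+rd, wr = IO.pipe
+
+# we only call rewind once at start, so make sure it succeeds
+# and doesn't hit ESPIPE
+def rd.rewind; end
+wr.sync = true
+
+# mock out length to make this pipe look like a Tempfile
+def rd.length
+1024 * 1024 * 8
+end
+
+# write to a pipe in a background thread, this will write a lot
+# unless Rack (properly) shuts down the read end
+thr = Thread.new do
+begin
+wr.write("--AaB03x")
+
+# make the initial boundary a few gigs long
+longer = "0123456789" * 1024 * 1024
+(1024 * 1024).times { wr.write(longer) }
+
+wr.write("\r\n")
+wr.write('Content-Disposition: form-data; name="a"; filename="a.txt"')
+wr.write("\r\n")
+wr.write("Content-Type: text/plain\r\n")
+wr.write("\r\na")
+wr.write("--AaB03x--\r\n")
+wr.close
+rescue => err # this is EPIPE if Rack shuts us down
+err
+end
+end
+
+fixture = {
+"CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+"CONTENT_LENGTH" => rd.length.to_s,
+:input => rd,
+}
+
+env = Rack::MockRequest.env_for '/', fixture
+lambda {
+Rack::Multipart.parse_multipart(env)
+}.should.raise(EOFError)
+rd.close
+
+err = thr.value
+err.should.be.instance_of Errno::EPIPE
+wr.close
+end
+
 should "parse multipart upload with text file" do
 env = Rack::MockRequest.env_for("/", multipart_fixture(:text))
 params = Rack::Multipart.parse_multipart(env)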
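Review bot: `rd.close` and `wr.close` in the new "reject insanely long boundaries" test run only on the success path: if `parse_multipart` raises anything other than EOFError, the `should.raise` assertion fails before `rd.close`, so the writer thread would stay blocked on a full pipe and both descriptors would leak for the rest of the run. Wrapping the tail of the test in `begin … ensure rd.close unless rd.closed?; wr.close unless wr.closed? end` keeps the cleanup unconditional. The writer also produces roughly 10 GiB if the parser ever stops aborting early, so a bounded write count or a `Timeout` around the parse would turn a regression into a fast failure rather than a long hang.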
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 11
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 1
|
8
8
|
- 3
|
9
|
-
-
|
10
|
-
version: 1.3.
|
9
|
+
- 8
|
10
|
+
version: 1.3.8
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Christian Neukirchen
|
@@ -81,7 +81,7 @@ dependencies:
|
|
81
81
|
requirements:
|
82
82
|
- - ">="
|
83
83
|
- !ruby/object:Gem::Version
|
84
|
-
hash:
|
84
|
+
hash: 4227346531
|
85
85
|
segments:
|
86
86
|
- 1
|
87
87
|
- 2
|