rack 1.3.7 → 1.3.8





@@ -473,6 +473,12 @@ run on port 11211) and memcache-client installed.
473
473
  * Rack::BodyProxy now explicitly defines #each, useful for C extensions
474
474
  * Cookies that are not URI escaped no longer cause exceptions
475
475
 
476
+ * January 7th, 2013: Thirtieth public release 1.3.8
477
+ * Security: Prevent unbounded reads in large multipart boundaries
478
+
479
+ * January 7th, 2013: Thirty first public release 1.4.3
480
+ * Security: Prevent unbounded reads in large multipart boundaries
481
+
476
482
  == Contact
477
483
 
478
484
  Please post bugs, suggestions and patches to
@@ -78,9 +78,16 @@ module Rack
78
78
 
79
79
  def fast_forward_to_first_boundary
80
80
  loop do
81
- read_buffer = @io.gets
82
- break if read_buffer == full_boundary
83
- raise EOFError, "bad content body" if read_buffer.nil?
81
+ content = @io.read(BUFSIZE)
82
+ raise EOFError, "bad content body" unless content
83
+ @buf << content
84
+
85
+ while @buf.gsub!(/\A([^\n]*\n)/, '')
86
+ read_buffer = $1
87
+ return if read_buffer == full_boundary
88
+ end
89
+
90
+ raise EOFError, "bad content body" if Utils.bytesize(@buf) >= BUFSIZE
84
91
  end
85
92
  end
86
93
 
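Review bot: The `>= BUFSIZE` raise at new line 90 is the whole point of the fix but carries no explanation of the bound it enforces, and the line-stripping loop at new lines 85–88 leans on `$1` surviving across the `gsub!` call in the `while` condition. I would document the invariant, e.g. `# @buf holds at most one partial line; a single line (such as an oversized boundary) longer than BUFSIZE is rejected instead of being buffered without limit`, and replace the `gsub!`/`$1` pair with `while (line = @buf.slice!(/\A[^\n]*\n/))` followed by `return if line == full_boundary`, which keeps the same behaviour without the global match state. Note that `@buf` can grow to just under twice BUFSIZE before the check fires, which looks intended but is worth stating in the comment. The initialisation and encoding of `@buf` and the definition of `full_boundary` are outside the hunk; if `@buf` is not binary-encoded, matching `[^\n]*` against raw body bytes could raise ArgumentError rather than the EOFError callers expect, so that is worth confirming.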
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = "rack"
3
- s.version = "1.3.7"
3
+ s.version = "1.3.8"
4
4
  s.platform = Gem::Platform::RUBY
5
5
  s.summary = "a modular Ruby webserver interface"
6
6
 
@@ -48,6 +48,59 @@ describe Rack::Multipart do
48
48
  params['profile']['bio'].should.include 'hello'
49
49
  end
50
50
 
51
+ should "reject insanely long boundaries" do
52
+ # using a pipe since a tempfile can use up too much space
53
+ rd, wr = IO.pipe
54
+
55
+ # we only call rewind once at start, so make sure it succeeds
56
+ # and doesn't hit ESPIPE
57
+ def rd.rewind; end
58
+ wr.sync = true
59
+
60
+ # mock out length to make this pipe look like a Tempfile
61
+ def rd.length
62
+ 1024 * 1024 * 8
63
+ end
64
+
65
+ # write to a pipe in a background thread, this will write a lot
66
+ # unless Rack (properly) shuts down the read end
67
+ thr = Thread.new do
68
+ begin
69
+ wr.write("--AaB03x")
70
+
71
+ # make the initial boundary a few gigs long
72
+ longer = "0123456789" * 1024 * 1024
73
+ (1024 * 1024).times { wr.write(longer) }
74
+
75
+ wr.write("\r\n")
76
+ wr.write('Content-Disposition: form-data; name="a"; filename="a.txt"')
77
+ wr.write("\r\n")
78
+ wr.write("Content-Type: text/plain\r\n")
79
+ wr.write("\r\na")
80
+ wr.write("--AaB03x--\r\n")
81
+ wr.close
82
+ rescue => err # this is EPIPE if Rack shuts us down
83
+ err
84
+ end
85
+ end
86
+
87
+ fixture = {
88
+ "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
89
+ "CONTENT_LENGTH" => rd.length.to_s,
90
+ :input => rd,
91
+ }
92
+
93
+ env = Rack::MockRequest.env_for '/', fixture
94
+ lambda {
95
+ Rack::Multipart.parse_multipart(env)
96
+ }.should.raise(EOFError)
97
+ rd.close
98
+
99
+ err = thr.value
100
+ err.should.be.instance_of Errno::EPIPE
101
+ wr.close
102
+ end
103
+
51
104
  should "parse multipart upload with text file" do
52
105
  env = Rack::MockRequest.env_for("/", multipart_fixture(:text))
53
106
  params = Rack::Multipart.parse_multipart(env)
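Review bot: The comment `# make the initial boundary a few gigs long` at new line 71 undercounts what the code does: `longer` is 10 MiB and is written 1 Mi times, on the order of 10 TiB, which only terminates because the reader closes the pipe. I would reword it to `# attempt to write a boundary far larger than any buffer; the writer is expected to fail with EPIPE once Rack stops reading`. If the parser ever drained the pipe instead of closing it, `thr.value` would be the `nil` returned by `wr.close` and the `instance_of Errno::EPIPE` assertion would fail with an unhelpful message; an `err.should.not.be.nil` ahead of it would make that failure mode explicit.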
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- hash: 21
4
+ hash: 11
5
5
  prerelease:
6
6
  segments:
7
7
  - 1
8
8
  - 3
9
- - 7
10
- version: 1.3.7
9
+ - 8
10
+ version: 1.3.8
11
11
  platform: ruby
12
12
  authors:
13
13
  - Christian Neukirchen
@@ -81,7 +81,7 @@ dependencies:
81
81
  requirements:
82
82
  - - ">="
83
83
  - !ruby/object:Gem::Version
84
- hash: 1777625759
84
+ hash: 4227346531
85
85
  segments:
86
86
  - 1
87
87
  - 2