unicorn 0.97.0 → 0.97.1

data/GIT-VERSION-GEN

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v0.97.0.GIT
+DEF_VER=v0.97.1.GIT
 
 LF='
 '

data/ext/unicorn_http/c_util.h

@@ -108,8 +108,12 @@ static off_t parse_length(const char *value, size_t length)
 {
   off_t rv;
 
-  for (rv = 0; length-- && rv >= 0; ++value)
-    rv = step_incr(rv, *value, 10);
+  for (rv = 0; length-- && rv >= 0; ++value) {
+    if (*value >= '0' && *value <= '9')
+      rv = step_incr(rv, *value, 10);
+    else
+      return -1;
+  }
 
   return rv;
 }

data/lib/unicorn/const.rb

@@ -7,7 +7,7 @@ module Unicorn
   # gave about a 3% to 10% performance improvement over using the strings directly.
   # Symbols did not really improve things much compared to constants.
   module Const
-    UNICORN_VERSION="0.97.0"
+    UNICORN_VERSION="0.97.1"
 
     DEFAULT_HOST = "0.0.0.0" # default TCP listen host address
     DEFAULT_PORT = 8080      # default TCP listen port

data/test/unit/test_http_parser_ng.rb

@@ -416,4 +416,24 @@ class HttpParserNgTest < Test::Unit::TestCase
     end
   end
 
+  def test_negative_content_length
+    req = {}
+    str = "PUT / HTTP/1.1\r\n" \
+          "Content-Length: -1\r\n" \
+          "\r\n"
+    assert_raises(HttpParserError) do
+      @parser.headers(req, str)
+    end
+  end
+
+  def test_invalid_content_length
+    req = {}
+    str = "PUT / HTTP/1.1\r\n" \
+          "Content-Length: zzzzz\r\n" \
+          "\r\n"
+    assert_raises(HttpParserError) do
+      @parser.headers(req, str)
+    end
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: unicorn
 version: !ruby/object:Gem::Version 
-  version: 0.97.0
+  version: 0.97.1
 platform: ruby
 authors: 
 - Unicorn hackers
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-03-01 00:00:00 +00:00
+date: 2010-04-19 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency