archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-15 16:44:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

merge revision(s) 36e057e26e

Browse source 
Loop with String#scan without creating substrings

Create the substrings necessary parts only, instead of cutting the
rest of the buffer.  Also removed a useless, probable typo, regexp.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67818 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
usa 2019-10-01 11:05:22 +00:00
parent 88387876af
commit 38d2d0dbd3
3 changed files with 25 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

19
lib/webrick/httpauth/digestauth.rb
View file

@ -290,23 +290,8 @@ module WEBrick
def split_param_value(string) def split_param_value(string)
ret = {} ret = {}
while string.bytesize != 0 string.scan(/\G\s*([\w\-.*%!]+)=\s*(?:\"((?>\\.|[^\"])*)\"|([^,\"]*))\s*,?/) do
case string ret[$1] = $3 || $2.gsub(/\\(.)/, "\\1")
when /^\s*([\w\-\.\*\%\!]+)=\s*\"((\\.|[^\"])*)\"\s*,?/
key = $1
matched = $2
string = $'
ret[key] = matched.gsub(/\\(.)/, "\\1")
when /^\s*([\w\-\.\*\%\!]+)=\s*([^,\"]*),?/
key = $1
matched = $2
string = $'
ret[key] = matched.clone
when /^s*^,/
string = $'
else
break
end
end end
ret ret
end end

22
test/webrick/test_httpauth.rb
View file

@ -292,6 +292,28 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase
} }
end end
def test_digest_auth_invalid
digest_auth = WEBrick::HTTPAuth::DigestAuth.new(Realm: 'realm', UserDB: '')
def digest_auth.error(fmt, *)
end
def digest_auth.try_bad_request(len)
request = {"Authorization" => %[Digest a="#{'\b'*len}]}
authenticate request, nil
end
bad_request = WEBrick::HTTPStatus::BadRequest
t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
assert_raise(bad_request) {digest_auth.try_bad_request(10)}
limit = (Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0)
[20, 50, 100, 200].each do |len|
assert_raise(bad_request) do
Timeout.timeout(len*limit) {digest_auth.try_bad_request(len)}
end
end
end
private private
def credentials_for_request(user, password, params, body = nil) def credentials_for_request(user, password, params, body = nil)
cnonce = "hoge" cnonce = "hoge"

2
version.h
View file

@ -1,6 +1,6 @@
#define RUBY_VERSION "2.4.8" #define RUBY_VERSION "2.4.8"
#define RUBY_RELEASE_DATE "2019-10-01" #define RUBY_RELEASE_DATE "2019-10-01"
#define RUBY_PATCHLEVEL 358 #define RUBY_PATCHLEVEL 359
#define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_YEAR 2019
#define RUBY_RELEASE_MONTH 10 #define RUBY_RELEASE_MONTH 10