This release removes uses of Kernel#open to avoid unintended
behaviors and make future auditing easier. [Misc #14216]
6 changes since 1.4.1:
webrick: httpauth requires regular files
webrick/httpservlet/cgi_runner.rb: remove unnecessary open
webrick: WEBrick::Log requires path arg when given string
webrick/httpservlet/*handler: use File.open
webrick/httputils: note Kernel#open behavior
webrick/httpservelet/cgi_runner: avoid IO#reopen on pathname
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
IO#reopen seems to behave strangely on Win32 based on the logs
posted by Greg for [Bug #14420]. Lets try to fix the issue by
using File.open explicitly (but not Kernel#open).
* lib/webrick/httpservelet/cgi_runner: use File.open explicitly
[Bug #14220]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
I don't know who uses the load_mime_types method; but it is
conceivable that a user would want to read the results of a
command instead of reading a regular file to load MIME types.
None of the WEBrick-related code in Ruby or default/bundled gems
seems to rely on this method; but it is likely 3rd-party code does.
* lib/webrick/httputils.rb (load_mime_types): note Kernel#open behavior
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Allowing a user to specify "| command" via Kernel#open is
nonsensical since we never read from the resultant IO.
* lib/webrick/log.rb (initialize): replace Kernel#open with File.open
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
IO#reopen already takes string path names as well as IO objects
(but not "| command" strings)
This makes further auditing for inadvertant code execution
easier. There's no actual bugfix or behavior change here,
as no external data is passed to cgi_runner.rb.
* lib/webrick/httpservlet/cgi_runner.rb: remove Kernel#open call
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61398 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.
* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/version.rb: change VERSION to 1.4.0
* lib/webrick/webrick.gemspec: require_relative for version,
update date and contact info
[Feature #13173]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61266 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Using ^ and $ in regexps means we can accidentally get fooled
by "%0a" in HTTP request paths being decoded to newline
characters. Use \A and \z to match beginning and end-of-string
respectively, instead.
Thanks to mame and hsbt for reporting.
* lib/webrick/httpserver.rb (MountTable#compile):
use \A and \z instead of ^ and $
* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61197 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
If uplevel keyword is given, the warning message is prepended
with caller file and line information and the string "warning: ".
The use of the uplevel keyword makes Kernel#warn format output
similar to how rb_warn formats output.
This patch modifies net/ftp and net/imap to use Kernel#warn
instead of $stderr.puts or $stderr.printf, since they are used
for printing warnings.
This makes lib/cgi/core and tempfile use $stderr.puts instead of
warn for debug logging, since they are used for debug printing
and not for warning.
This does not modify bundler, rubygems, or rdoc, as those are
maintained outside of ruby and probably wish to remain backwards
compatible with older ruby versions.
rb_warn_m code is originally from nobu, but I've changed it
so that it only includes the path and lineno from uplevel
(not the method), and also prepends the string "warning: ",
to make it more similar to rb_warn.
From: Jeremy Evans code@jeremyevans.net
Signed-off-by: Urabe Shyouhei shyouhei@ruby-lang.org
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
We must to ensure the @status ivar is set to :Running before
running StartCallback, otherwise Webrick::Server#stop will not
change the @status to :Shutdown properly.
Note: I have not been able to reproduce the original issue but
understood at least part of the problem and fixed it with this
commit. However, the original reporter (Peak Xu) was still able
to reproduce the problem on 1.9.2 p180 on Windows, so I'm not
sure what else might be going on. Ruby threading and
synchronization primitives have changed a lot since 1.9.2, so
maybe that was fixed elsewhere.
* lib/webrick/server.rb: call StartCallback sooner [Bug #4841]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61083 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
I never knew "format" was a global method alias for "sprintf";
so it was confusing to me. Normally, one would use "sprintf"
since it's also available in many other languages, but
Integer#to_s avoids parsing a format string so it's less
bug-prone.
Furthermore, favor string interpolation over String#<< since it
is easier for the VM to optimize memory allocation (as in r60320).
Interpolation also reduces method calls and memory overhead
for inline method cache.
Finally, ensure we clear all short-lived buffers for body
responses. A similar change was made and measured for Net::*
in r58840 showing a large memory reduction on some workloads.
* webrick/httpresponse.rb (send_body_io): favor String#to_s,
reduce method calls for String#<<,
clear `buf' when done,
avoid extra String#bytesize calls
* (send_body_string): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60586 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpresponse.rb (send_body): call send_body_proc
(send_body_proc): new method
(class ChunkedWrapper): new class
* test/webrick/test_httpresponse.rb (test_send_body_proc): new test
(test_send_body_proc_chunked): ditto
[Feature #855]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60584 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): properly fix non-local return
introduced in r60208 and r60210
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60211 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
EPROTO, and EINVAL on TLS negotiation errors the same way they
were ignored before r60172 in the accept_client method of the
main acceptor thread.
[Bug #14013] [Bug #14005]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60208 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
By making the socket non-blocking in r60172, TLS/SSL negotiation
via the SSL_accept function must handle non-blocking sockets
properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
non-blocking socket, so it must use non-blocking logic of
OpenSSL::SSL::SSLSocket#accept_nonblock.
Thanks to MSP-Greg (Greg L) for finding this.
* lib/webrick/server.rb (start_thread): use SSL_accept properly
with non-blocking socket.
[Bug #14013] [Bug #14005]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60189 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.
Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.
Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).
* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
and remove OpenSSL::SSL::SSLSocket#accept call
* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
* test/webrick/test_ssl_server.rb (test_slow_connect): new test
[ruby-core:83221] [Bug #14005]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Since r51231 ("webrick/server.rb: stop immediately"),
there is no need to poll on the @status change every
two seconds.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60144 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sockets and pipes are always created with FMODE_SYNC flag
already set (otherwise many things would be broken).
* lib/webrick/server.rb (accept_client): remove unnecessary
IO#sync= call
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It had failed to sanitize some type of exception messages. Reported and
patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59897 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Added following gemspecs.
* extensions: date, dbm, etc, fiddle, gdbm, sdbm, stringio, strscan, zlib
* pure ruby libraries: cmath, csv, fileutils, scanf, webrick
psych and rdoc is out of scope of this commit. I will merge after
upstream was change to `frozen_string_literal: true`.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59115 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Bump version to 1.4.0.beta1. Because https://rubygems.org/gems/webrick
is already reserved old version of webrick.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58529 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Import gemspec and test file from ruby/webrick.
* webrick.gemspec: Update files and dependency for standalone gem.
* test/webrick/utils.rb: Added explicitly loading of EnvUtil for
test suite without ruby core test suite.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58473 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
There is no need to call Utils.getservername when the :ServerName option is
specified, so delay Utils.getservername until needed to avoid unnecessary
DNS lookups. [ruby-core:78492] [Bug #13007]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57014 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Symbol proc is less code and avoids confusion from variable
naming.
* lib/webrick/server.rb (shutdown): use symbol proc
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56889 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* IOError does not happen even if another thread closes io
* Use symbol proc
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56874 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Process.daemon exists since Ruby 1.9.1 and does most of what we need.
* lib/webrick/server.rb (Daemon.start): simplify
[Misc #12937]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56869 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
The monotonic clock is immune to system time changes and
a better option for implementing timing comparisons.
* lib/webrick/utils.rb (TimeoutHandler): use monotonic clock
(watch): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56417 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
disable reverse lookup by default. [ruby-core:45514] [Feature #6559]
Socket.do_not_reverse_lookup is true by default but WEBrick
overwrote it.
patch by Eric Hodel [ruby-core:45527]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55881 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httprequest.rb (setup_forwarded_info): Use the first
value in X-Forwarded-Proto, if header contains multiple comma
separated values. Some middlewares may add these values to the
list, not replacing. [Fix GH-1386]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
to invoke ssl server with command line.
[fix GH-1329] Patch by @kerlin
* test/webrick/test_ssl_server.rb: Added test for GH-1329
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
