webrick: do not hang acceptor on slow TLS connections
OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.
Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.
Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).
* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
and remove OpenSSL::SSL::SSLSocket#accept call
* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
* test/webrick/test_ssl_server.rb (test_slow_connect): new test
[ruby-core:83221] [Bug #14005]
webrick: fix up r60172
By making the socket non-blocking in r60172, TLS/SSL negotiation
via the SSL_accept function must handle non-blocking sockets
properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
non-blocking socket, so it must use non-blocking logic of
OpenSSL::SSL::SSLSocket#accept_nonblock.
Thanks to MSP-Greg (Greg L) for finding this.
* lib/webrick/server.rb (start_thread): use SSL_accept properly
with non-blocking socket.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and revert r60189
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
EPROTO, and EINVAL on TLS negotiation errors the same way they
were ignored before r60172 in the accept_client method of the
main acceptor thread.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and r60208
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): fix non-local return
introduced in r60208
webrick: fix up r60172 and r60210
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): properly fix non-local return
introduced in r60208 and r60210
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61240 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parse.y: fix line in rescue
* parse.y (set_line_body, primary): fix line number of bodystmt as
the beginning of the block. [ruby-core:79388] [Bug #13181]
parse.y: set_line_body is not used in ripper
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@60947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
fix --with-gmp (broken by r57490)
Looking at the generated shell script (also the autoconf manual), it
seems AC_SEARCH_LIBS() m4 macro does not define HAVE_LIBsomething C
preprocessor macros, unlike AC_CHECK_LIB() which does define them.
This previous change effectively killed building with GMP because
building that mode depends on existence of HAVE_LIBGMP. [Bug #13402]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59912 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lib/webrick/log.rb: sanitize any type of logs
It had failed to sanitize some types of exception messages. Reported and
patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59900 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parse.y: empty hash in defined
* parse.y (command): NODE_ARRAY with NULL is invalid. traversal
in defined_expr0 is simpler than iseq_compile_each0.
[ruby-core:82113] [Bug #13756]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
string.c: fix false coderange
* string.c (rb_enc_str_scrub): enc can differ from the actual
encoding of the string, the cached coderange is useless then.
[ruby-core:82674] [Bug #13874]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59883 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parse.y: primary should not be 0
* parse.y (primary): should not be 0, since it can be a receiver.
[ruby-core:82447] [Bug #13836]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59881 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
vm_method.c: alias warning at refined method
* vm_method.c (rb_method_entry_make): suppress a warning at
refined method which will not be redefined.
[ruby-core:82385] [Bug #13817]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
correct available length to ossl_asn1_decode() when decoding the
inner components of a constructed object. This can cause
out-of-bounds read if a crafted input is given.
Reference: https://hackerone.com/reports/1703161648afef33
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59800 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
An HTTP Header value must not contain CR or LF.
to_str -> to_s
* lib/net/http/header.rb (set_field): `val` can not have `to_str`.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
REXML: Fix a bug that unexpected methods can be called as a XPath function
[HackerOne:249295]
Reported by Andrea Jegher. Thanks!!!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
compile.c: disallow next in once
* compile.c (iseq_compile_each0): turned dregx context in "once"
into "guarded" type from "block" type, to disallow `next`,
`break`, `redo` as well as outside "once".
[ruby-core:81805] [Bug #13690]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
encoding. fix test failures introduced at r59531 on some platforms.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59552 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
marshal.c: revert r57631 partially
* marshal.c (rb_marshal_dump_limited): do not free dump_arg, which
may be dereferenced in check_dump_arg due to continuation, and
get rid of dangling pointers.
* marshal.c (rb_marshal_load_with_proc): ditto for load_arg.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59551 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
fix TracePoint#return_value with non-local exits
* vm.c: get return_value from imemo_throw_data object (THROW_DATA_VAL()).
imemo_throw_data (TAG_BREAK) contains returned value.
However, imemo_throw_data (TAG_BREAK) can skip several frames so that
we need to use it only once (at most internal frame). To record it,
we introduced THROW_DATA_CONSUMED and check it.
* internal.h: define THROW_DATA_CONSUMED flag.
* test/ruby/test_settracefunc.rb: add tests for [Bug #13369]
* vm_insnhelper.h: add THROW_DATA_CONSUMED_P() and
THROW_DATA_CONSUMED_SET().
internal.h: parenthesize macro argument
* internal.h (THROW_DATA_P): parenthesize the argument which is
cast.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59547 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
strscan.c: fix segfault in aref
* ext/strscan/strscan.c (strscan_aref): fix segfault after
get_byte or getch which do not apply regexp.
[ruby-core:82116] [Bug #13759]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59545 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
configure.in: rpath with OPTDIR
* configure.in: add rpath flags which are needed for OPTDIR as well
as -L options, when it is given. [ruby-dev:50065] [Bug #13411]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
vm_insnhelper.c: break in once
* vm_insnhelper.c (vm_throw_start): size of catch table has been
included in iseq_catch_table struct, which could be NULL, since
2.2. e.g., proc-closure in `once'.
[ruby-core:81775] [Bug #13680]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
node.h: sign-extend
* node.h (nd_line): should sign-extend. shifting `VALUE` extends
with zero bits if `sizeof(VALUE)` equals `sizeof(int)`. the
zero bits are truncated if `sizeof(VALUE)` is sufficiently bigger.
[ruby-core:80920] [Bug #13523]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59541 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
until this case block is end. this is a part of r57971.
[Backport #13766]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59540 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
this patch contains r54158, r57410, r57631 and r57954.
Prevent GC by volatile [Bug #13150]
test/ruby/test_marshal.rb test_context_switch (load) and test_gc (dump)
fail on FreeBSD 10.3 and gcc7 (FreeBSD Ports Collection) 7.0.0
20170115 (experimental); RB_GC_GUARD does not seem to work well.
* include/ruby/ruby.h (RB_GC_GUARD): prevent guarded pointer from
optimization by using as an input to inline asm.
* ruby.h: remove comment
* include/ruby/ruby.h (RB_GC_GUARD): remove comment unsupported by
Solaris AS.
Hidden objects (klass == 0) are not visible to Ruby code invoked
from other threads or signal handlers, so they can never be
accessed from other contexts. This makes it safe to call
rb_gc_force_recycle on the object slot after releasing malloc
memory.
* marshal.c (rb_marshal_dump_limited): hide dump_arg and recycle when
done (rb_marshal_load_with_proc): hide load_arg and recycle when done
[ruby-core:79518]
* marshal.c (rb_marshal_dump_limited): do not free dump_arg, which
may be dereferenced in check_dump_arg due to continuation, and
get rid of dangling pointers.
* marshal.c (rb_marshal_load_with_proc): ditto for load_arg.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59539 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
eval.c: copy special exception
* eval.c (setup_exception): make unfrozen copy of special
exception before setting up a cause.
test_io.rb: separate a test
* test/ruby/test_io.rb (test_closed_stream_in_rescue): run in a
separated process.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/net/smtp.rb (tlsconnect): support timeout for TLS handshake.
[ruby-core:76893] [Bug #12678]
* lib/net/protocol.rb (ssl_socket_connect): new method to implement
timeout for TLS handshake.
* lib/net/http.rb (connect): use Net::Protocol#ssl_socket_connect.
* test/net/smtp/test_smtp.rb (test_tls_connect, test_tls_connect):
use Socket.tcp_server_sockets in case localhost is resolved to ::1.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59533 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Zlib::GzipReader#pos underflows after calling #ungetbyte or #ungetc at start of file [Bug #13616]
patched by Andrew Haines <andrew@haines.org.nz> [ruby-core:81488]
zlib.c: fix unnormalized Fixnum
* ext/zlib/zlib.c (rb_gzfile_total_out): cast to long not to
result in an unsigned long to normalized to Fixnum on LLP64
platforms. [ruby-core:81488]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59532 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
optparse.rb: get rid of eval
* lib/optparse.rb: try Float() and Integer() instead of eval,
which does too many things.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59530 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
which fixes a real bug.
* thread.c (struct waiting_fd): declare
(rb_thread_io_blocking_region): use on-stack list waiter
(rb_notify_fd_close): walk vm->waiting_fds instead
(call_without_gvl): remove old field setting
(th_init): ditto
[Feature #9632]
* vm_core.h (typedef struct rb_vm_struct): add waiting_fds list
* (typedef struct rb_thread_struct): remove waiting_fd field
(rb_vm_living_threads_init): initialize waiting_fds list
This should fix bad interactions with test_race_gets_and_close
in test/ruby/test_io.rb since we ensure rb_notify_fd_close
continues returning the busy flag after enqueuing the interrupt.
* thread.c (rb_notify_fd_close): do not enqueue multiple interrupts
[ruby-core:81581] [Bug #13632]
* test/ruby/test_io.rb (test_single_exception_on_close):
new test based on script from Nikolay
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
from Cipher#initialize. This is effectively a revert of r32723
("Avoid possible SEGV from AES encryption/decryption", 2011-07-28).
the patch is derived from 8108e0a6db,
written by Kazuki Yamaguchi.
[Backport #8221]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/psych/psych.gemspec: bump version to 2.1.0.1.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
pathname.rb: UNC root pathname needs a separator
* ext/pathname/lib/pathname.rb (Pathname#plus): UNC root pathname
needs a separator. File.basename returns "/" on UNC root, as
well as sole drive letter, even if it does not end with a
separator. [ruby-core:80900] [Bug #13515]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59240 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
rexml: add close tag check on end of document to StreamParser
[ruby-core:81593] [Bug #13636]
Reported by Anton Sivakov. Thanks!!!
* properties.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
array.c: check position to insert
* array.c (rb_ary_insert): check position to insert even if no
elements to be inserted. [ruby-core:81125] [Bug #13558]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59238 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
date_core.c: fix docs for %Z format
* ext/date/date_core.c: [DOC] fix documentation for %Z format
of {Date,DateTime}.strftime.
Reported by Damon Timm. Based on a patch by nano.
[ruby-core:79602] [Bug #13231] [Fix GH-1565]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59237 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
rss: Accept empty text element as valid element
The parser has accepted it, but the XML serializer did not.
Reported by stefano frabetti. Thanks!!!
[ruby-core:80965] [Bug #13531]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59236 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
X509_LOOKUP_load_file()
X509_LOOKUP_load_file(), which ends up calling
X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: [Backport #11033]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59235 b2dd03c8-39d4-4d8f-98ff-823fe69b080e