diff options
author | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 08:06:39 +0000 |
---|---|---|
committer | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 08:06:39 +0000 |
commit | 2d41d88c4d213f56cd8cefe368699cee896129f1 (patch) | |
tree | 39719e1b0b961d9364d8e49a01fe5bb1db2b0761 /lib/webrick | |
parent | 6db6eb572b512998ccfde31610fe18f522d9ba86 (diff) | |
download | ruby-2d41d88c4d213f56cd8cefe368699cee896129f1.tar.gz |
webrick/httprequest: use InputBufferSize for chunked requests
While WEBrick::HTTPRequest#body provides a Proc interface
for streaming large request bodies, clients must not force
the server to use an excessively large chunk size.
* lib/webrick/httprequest.rb (read_chunk_size): limit each
read and block.call to :InputBufferSize in config.
* test/webrick/test_httpserver.rb (test_big_chunks): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62963 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/webrick')
-rw-r--r-- | lib/webrick/httprequest.rb | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb index 44d605c58f..b40bcb0d57 100644 --- a/lib/webrick/httprequest.rb +++ b/lib/webrick/httprequest.rb @@ -509,12 +509,16 @@ module WEBrick def read_chunked(socket, block) chunk_size, = read_chunk_size(socket) while chunk_size > 0 - data = read_data(socket, chunk_size) # read chunk-data - if data.nil? || data.bytesize != chunk_size - raise HTTPStatus::BadRequest, "bad chunk data size." - end + begin + sz = [ chunk_size, @buffer_size ].min + data = read_data(socket, sz) # read chunk-data + if data.nil? || data.bytesize != sz + raise HTTPStatus::BadRequest, "bad chunk data size." + end + block.call(data) + end while (chunk_size -= sz) > 0 + read_line(socket) # skip CRLF - block.call(data) chunk_size, = read_chunk_size(socket) end read_header(socket) # trailer + CRLF |