Yukihiro Matsumoto
12/30/2006 1:43:00 AM
Hi,
In message "Re: unsafe readline(), anything better?"
on Sat, 30 Dec 2006 04:55:04 +0900, Rob Muhlestein <rmuhlestein@yahoo.com> writes:
|Humm, from this last recent ruby CVS commit just today makes me wonder if
|matz is listening to this thread. If so, matz, thanks for getting me giddy
|about programming again, and thanks for taking a shot at addressing this!
I am listening. We still need an update for WEBrick. Here's my
personal patch (not tested at all).
matz.
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@@ -317,10 +317,10 @@ module WEBrick
@remaining_size = 0
end
- def _read_data(io, method, arg)
+ def _read_data(io, method, *arg)
begin
WEBrick::Utils.timeout(@config[:RequestTimeout]){
- return io.__send__(method, arg)
+ return io.__send(method, *arg)
}
rescue Errno::ECONNRESET
return nil
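Review bot: The added call in _read_data is spelled `io.__send(method, *arg)`, while the line it replaces used `io.__send__`. If dropping the trailing underscores was not intended, restore `__send__`, otherwise the dispatch depends on the io object defining a method named `__send`. The splat itself looks right for forwarding a variable number of arguments to `gets`.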
@@ -330,7 +330,11 @@ module WEBrick
end
def read_line(io)
- _read_data(io, :gets, LF)
+ line = _read_data(io, :gets, [LF, 1024])
+ if line.size == 1024 and line[-1,1] != LF
+ raise HTTPStatus::RequestURITooLarge
+ end
+ line
end
def read_data(io, size)
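Review bot: In read_line, `_read_data(io, :gets, [LF, 1024])` passes the separator and the limit as one array, which the new `*arg` signature forwards to `gets` as a single array argument rather than as two arguments; pass them separately, as `_read_data(io, :gets, LF, 1024)`. The `line.size` check that follows also needs a nil guard: `_read_data` returns nil on Errno::ECONNRESET (see the rescue in the hunk above), so a reset connection would raise on `nil.size` instead of returning nil to the caller as before. It would also help to name the 1024 limit as a constant or config value so the bound on request line length is documented in one place.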