author | Eric Wong <normalperson@yhbt.net> | 2010-11-19 10:19:45 +0000 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-11-19 16:59:01 -0800 |
commit | c6ffae22748bc22d5ef88fea2a3ca67f480ee74b (patch) | |
tree | d64947098657f2bbdbca04a6db2e43645060a223 /t/sha1-random-size.ru | |
parent | 3cee07d750f678af92318c14110c803be3f9b97f (diff) | |
download | rainbows-c6ffae22748bc22d5ef88fea2a3ca67f480ee74b.tar.gz |
To avoid denial-of-service attacks, the wrappers need to intercept requests *before* they hit the memory allocator, so we need to reimplement the read(all) and gets cases to use smaller buffers whenever the application does not specify one.
Diffstat (limited to 't/sha1-random-size.ru')
-rw-r--r-- | t/sha1-random-size.ru | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/t/sha1-random-size.ru b/t/sha1-random-size.ru index f86d017..4ef5d7b 100644 --- a/t/sha1-random-size.ru +++ b/t/sha1-random-size.ru @@ -7,11 +7,25 @@ app = lambda do |env| return [ 100, {}, [] ] digest = Digest::SHA1.new input = env['rack.input'] - if buf = input.read(rand(cap)) - begin - raise "#{buf.size} > #{cap}" if buf.size > cap - digest.update(buf) - end while input.read(rand(cap), buf) + case env["PATH_INFO"] + when "/gets_read_mix" + warn "GETS_READ_MIX #{env['HTTP_TRANSFER_ENCODING'].inspect}" + if buf = input.gets + warn "input.rbuf: #{input.instance_variable_get(:@rbuf).inspect}" + begin + digest.update(buf) + warn "buf.size : #{buf.size}" + end while input.read(rand(cap), buf) + end + when "/each" + input.each { |buf| digest.update(buf) } + else + if buf = input.read(rand(cap)) + begin + raise "#{buf.size} > #{cap}" if buf.size > cap + digest.update(buf) + end while input.read(rand(cap), buf) + end end [ 200, {'Content-Type' => 'text/plain'}, [ digest.hexdigest << "\n" ] ] |
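Review bot: The new "/gets_read_mix" and "/each" branches never check chunk sizes, while the default branch keeps `raise "#{buf.size} > #{cap}" if buf.size > cap`, so neither new path would fail if the wrapper returned a larger buffer than intended. Since the commit message is about keeping reads in smaller buffers, consider asserting an upper bound on `buf.size` for the chunks returned by `input.read(rand(cap), buf)` after the initial `gets`, and for the chunks yielded by `input.each`, using whatever limit the wrapper is meant to enforce (the first line from `gets` may need a different bound than `cap`). Separately, the `warn` calls in "/gets_read_mix", in particular `input.instance_variable_get(:@rbuf).inspect`, couple the test to a private instance variable and write raw request-body bytes to stderr on every request; they read like debugging leftovers and could be dropped or placed behind a debug switch.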