From: Eric Wong <normalperson@yhbt.net> To: Dirkjan Bussink <dbussink@github.com> Cc: John Crepezzi <seejohnrun@github.com>, Kevin Sawicki <kevinsawicki@github.com>, unicorn-public@yhbt.net Subject: Re: Potential Unicorn vulnerability Date: Sat, 13 Mar 2021 02:26:15 +0000 [thread overview] Message-ID: <20210313022615.GA32198@dcvr> (raw) In-Reply-To: <66A68DD8-83EF-4C7A-80E8-3F1F7AB31670@github.com> Dirkjan Bussink <dbussink@github.com> wrote: > Ah yeah. So do you think that on top of the current patch we’d need > something like the attached patch (which moves the @request allocation), > or would only the latter patch be needed then? Not really, aside from the OobGC change and hijack test removal. Anyways, I've squashed the test removal, OobGC adjustment, and your 2nd patch together as commit c917ac526df214611ec33c21de2b070452ec8434 and pushed it out as the "v6-wip" branch. > In the latter case there’s still a bunch of logic for Rack hijack around > then which might not be needed at that point, but I’m not entirely sure > how that would look like. Yes, though there are also some other HTTP servers that use the parser. I prefer to minimize changes to the ext code at this point given the relative lack of C/Ragel-knowledgeable users compared to Ruby-knowledgeable
next prev parent reply other threads:[~2021-03-13 2:26 UTC|newest] Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <F6712BF3-A4DD-41EE-8252-B9799B35E618@github.com> [not found] ` <20210311030250.GA1266@dcvr> [not found] ` <7F6FD017-7802-4871-88A3-1E03D26D967C@github.com> 2021-03-12 9:41 ` Eric Wong 2021-03-12 11:14 ` Dirkjan Bussink 2021-03-12 12:00 ` Eric Wong 2021-03-12 12:24 ` Dirkjan Bussink 2021-03-13 2:26 ` Eric Wong [this message] 2021-03-13 2:31 ` [PATCH] http_request: drop unnecessary #clear call Eric Wong 2021-03-16 10:15 ` Potential Unicorn vulnerability Dirkjan Bussink 2021-03-16 10:31 ` Eric Wong 2021-03-17 8:03 ` Dirkjan Bussink 2021-03-17 8:47 ` Eric Wong 2021-03-19 13:55 ` Dirkjan Bussink
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style List information: https://yhbt.net/unicorn/ * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210313022615.GA32198@dcvr \ --to=normalperson@yhbt.net \ --cc=dbussink@github.com \ --cc=kevinsawicki@github.com \ --cc=seejohnrun@github.com \ --cc=unicorn-public@yhbt.net \ --subject='Re: Potential Unicorn vulnerability' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Code repositories for project(s) associated with this inbox: ../../unicorn.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).