diff options
author | Eric Wong <normalperson@yhbt.net> | 2010-12-08 22:02:45 +0000 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-12-09 06:34:37 +0800 |
commit | 3b2fc62dadd3c90038c168849b33c4ca6df058da (patch) | |
tree | 2724ad66053bd63b433c69b3b7bf8821351f71eb /t/rack-input-tests.ru | |
parent | 52f55529293e466a77090691d1fe06a7933c74a1 (diff) | |
download | unicorn-3b2fc62dadd3c90038c168849b33c4ca6df058da.tar.gz |
In case a request sends the header and buffer as one packet, TeeInput relying on accounting info from StreamInput is harmful as StreamInput will buffer in memory outside of TeeInput's control. This bug is triggered by calling env["rack.input"].size or env["rack.input"].rewind before to read.
Diffstat (limited to 't/rack-input-tests.ru')
-rw-r--r-- | t/rack-input-tests.ru | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/t/rack-input-tests.ru b/t/rack-input-tests.ru new file mode 100644 index 0000000..8c35630 --- /dev/null +++ b/t/rack-input-tests.ru @@ -0,0 +1,21 @@ +# SHA1 checksum generator +require 'digest/sha1' +use Rack::ContentLength +cap = 16384 +app = lambda do |env| + /\A100-continue\z/i =~ env['HTTP_EXPECT'] and + return [ 100, {}, [] ] + digest = Digest::SHA1.new + input = env['rack.input'] + input.size if env["PATH_INFO"] == "/size_first" + input.rewind if env["PATH_INFO"] == "/rewind_first" + if buf = input.read(rand(cap)) + begin + raise "#{buf.size} > #{cap}" if buf.size > cap + digest.update(buf) + end while input.read(rand(cap), buf) + end + + [ 200, {'Content-Type' => 'text/plain'}, [ digest.hexdigest << "\n" ] ] +end +run app |