Date | Commit message (Collapse) |
|
...instead of tripping an assertion.
This fixes a potential denial-of-service for servers exposed directly
to untrusted clients.
This bug does not affect supported Unicorn deployments as Unicorn is
only supported with trusted clients (such as nginx) on a LAN. nginx is
known to reject clients that send invalid Content-Length headers, so any
deployments on a trusted LAN and/or behind nginx are safe.
Servers affected by this bug include (but are not limited to) Rainbows!
and Zbatery. This does not affect Thin nor Mongrel which never got
request body filtering treatment that the Unicorn HTTP parser got in
August 2009.
|
|
Not fun, but maybe this can help us spot _real_ problems
more easily in the future.
|
|
Sometimes I end up hacking on 10-row high terminals
and need more context :x
|
|
This makes it easier for bug reporters to tell us what's
wrong in case line numbers change.
|
|
We need to declare constants for 64-bit off_t explicitly with
the "LL" suffix on 32-bit machines.
|
|
For comparing a raw memory space against a constant
|
|
|
|
Explicitly track if our request will need Content-Length
or chunked body decoding.
|
|
|
|
More tightly integrate the C/Ruby portions with C/Ragel to avoid
the confusing the flow. Split out some files into hopefully
logical areas so it's easier to focus on more
interesting/volatile code.
|