From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.0 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 5519920707; Tue, 5 Jul 2016 13:50:20 +0000 (UTC) From: Eric Wong To: yahns-public@yhbt.net Cc: Eric Wong Subject: [PATCH 1/3] proxy_pass: avoid TOCTTOU race when unbuffering, too Date: Tue, 5 Jul 2016 13:50:14 +0000 Message-Id: <20160705135016.14274-2-e@80x24.org> In-Reply-To: <20160705135016.14274-1-e@80x24.org> References: <20160705135016.14274-1-e@80x24.org> List-Id: proxy_unbuffer is vulnerable to the same race condition we avoided in commit 5328992829b2 ("proxy_pass: fix race condition due to flawed hijack check") --- lib/yahns/proxy_http_response.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/yahns/proxy_http_response.rb b/lib/yahns/proxy_http_response.rb index 0ca2c34..a37b387 100644 --- a/lib/yahns/proxy_http_response.rb +++ b/lib/yahns/proxy_http_response.rb @@ -13,10 +13,8 @@ module Yahns::HttpResponse # :nodoc: def proxy_unbuffer(wbuf, nxt = :ignore) @state = wbuf wbuf.req_res = nil if nxt.nil? && wbuf.respond_to?(:req_res=) - tc = Thread.current - tc[:yahns_fdmap].remember(self) # Yahns::HttpClient - tc[:yahns_queue].queue_mod(self, wbuf.busy == :wait_readable ? - Yahns::Queue::QEV_RD : Yahns::Queue::QEV_WR) + proxy_wait_next(wbuf.busy == :wait_readable ? Yahns::Queue::QEV_RD : + Yahns::Queue::QEV_WR) nxt end -- EW