From 360f0d40d5cd35304cb01d1db33d1458af491b10 Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Tue, 5 Jul 2016 06:58:41 +0000
Subject: proxy_pass: avoid TOCTTOU race when unbuffering, too

proxy_unbuffer is vulnerable to the same race condition
we avoided in commit 5328992829b2
("proxy_pass: fix race condition due to flawed hijack check")
---
 lib/yahns/proxy_http_response.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/yahns/proxy_http_response.rb b/lib/yahns/proxy_http_response.rb
index 0ca2c34..a37b387 100644
--- a/lib/yahns/proxy_http_response.rb
+++ b/lib/yahns/proxy_http_response.rb
@@ -13,10 +13,8 @@ module Yahns::HttpResponse # :nodoc:
   def proxy_unbuffer(wbuf, nxt = :ignore)
     @state = wbuf
     wbuf.req_res = nil if nxt.nil? && wbuf.respond_to?(:req_res=)
-    tc = Thread.current
-    tc[:yahns_fdmap].remember(self) # Yahns::HttpClient
-    tc[:yahns_queue].queue_mod(self, wbuf.busy == :wait_readable ?
-                               Yahns::Queue::QEV_RD : Yahns::Queue::QEV_WR)
+    proxy_wait_next(wbuf.busy == :wait_readable ? Yahns::Queue::QEV_RD :
+                    Yahns::Queue::QEV_WR)
     nxt
   end
 
-- 
cgit v1.2.3-24-ge0c7