File chunked-request-handling.patch of Package rubygem-puma.15815

Overview Repositories Revisions Requests Users Attributes Meta

File chunked-request-handling.patch of Package rubygem-puma.15815

commit b01169b5a98bc703b0e10a66f10ad57f3b8ad4cd
Author: Evan Phoenix <evan@phx.io>
Date:   Sun Jul 24 22:02:23 2016 -0700

Implement chunked request handling. Fixes #620
    
    (cherry picked from commit 5ec232d1d47283195275acccf8d53010b22416f2)
    
    Packager's note: this is needed for CVE-2020-11076.patch to apply.

diff --git a/lib/puma/client.rb b/lib/puma/client.rb
index ac2609a3a79e..c02b7baf90ba 100644
--- a/lib/puma/client.rb
+++ b/lib/puma/client.rb
@@ -7,6 +7,7 @@ class IO
 end
 
 require 'puma/detect'
+require 'tempfile'
 
 if Puma::IS_JRUBY
   # We have to work around some OpenSSL buffer/io-readiness bugs
@@ -113,9 +114,116 @@ module Puma
     # no body share this one object since it has no state.
     EmptyBody = NullIO.new
 
+    def setup_chunked_body(body)
+      @chunked_body = true
+      @partial_part_left = 0
+      @prev_chunk = ""
+
+      @body = Tempfile.new(Const::PUMA_TMP_BASE)
+      @body.binmode
+      @tempfile = @body
+
+      return decode_chunk(body)
+    end
+
+    def decode_chunk(chunk)
+      if @partial_part_left > 0
+        if @partial_part_left <= chunk.size
+          @body << chunk[0..(@partial_part_left-3)] # skip the \r\n
+          chunk = chunk[@partial_part_left..-1]
+        else
+          @body << chunk
+          @partial_part_left -= chunk.size
+          return false
+        end
+      end
+
+      if @prev_chunk.empty?
+        io = StringIO.new(chunk)
+      else
+        io = StringIO.new(@prev_chunk+chunk)
+        @prev_chunk = ""
+      end
+
+      while !io.eof?
+        line = io.gets
+        if line.end_with?("\r\n")
+          len = line.strip.to_i(16)
+          if len == 0
+            @body.rewind
+            @buffer = nil
+            @requests_served += 1
+            @ready = true
+            return true
+          end
+
+          len += 2
+
+          part = io.read(len)
+
+          unless part
+            @partial_part_left = len
+            next
+          end
+
+          got = part.size
+
+          case
+          when got == len
+            @body << part[0..-3] # to skip the ending \r\n
+          when got <= len - 2
+            @body << part
+            @partial_part_left = len - part.size
+          when got == len - 1 # edge where we get just \r but not \n
+            @body << part[0..-2]
+            @partial_part_left = len - part.size
+          end
+        else
+          @prev_chunk = line
+          return false
+        end
+      end
+
+      return false
+    end
+
+    def read_chunked_body
+      while true
+        begin
+          chunk = @io.read_nonblock(4096)
+        rescue Errno::EAGAIN
+          return false
+        rescue SystemCallError, IOError
+          raise ConnectionError, "Connection error detected during read"
+        end
+
+        # No chunk means a closed socket
+        unless chunk
+          @body.close
+          @buffer = nil
+          @requests_served += 1
+          @ready = true
+          raise EOFError
+        end
+
+        return true if decode_chunk(chunk)
+      end
+    end
+
     def setup_body
       @in_data_phase = true
+      @read_header = false
+
       body = @parser.body
+
+      te = @env[TRANSFER_ENCODING2]
+
+      if te == CHUNKED
+        return setup_chunked_body(body)
+      end
+
+      @chunked_body = false
+
       cl = @env[CONTENT_LENGTH]
 
       unless cl
@@ -150,8 +258,6 @@ module Puma
 
       @body_remain = remain
 
-      @read_header = false
-
       return false
     end
 
@@ -242,6 +348,10 @@ module Puma
     end
 
     def read_body
+      if @chunked_body
+        return read_chunked_body
+      end
+
       # Read an odd sized chunk so we can read even sized ones
       # after this
       remain = @body_remain
diff --git a/lib/puma/const.rb b/lib/puma/const.rb
index d074ad23b925..7bf0efc2b4e0 100644
--- a/lib/puma/const.rb
+++ b/lib/puma/const.rb
@@ -228,6 +228,7 @@ module Puma
     CONTENT_LENGTH2 = "content-length".freeze
     CONTENT_LENGTH_S = "Content-Length: ".freeze
     TRANSFER_ENCODING = "transfer-encoding".freeze
+    TRANSFER_ENCODING2 = "HTTP_TRANSFER_ENCODING".freeze
 
     CONNECTION_CLOSE = "Connection: close\r\n".freeze
     CONNECTION_KEEP_ALIVE = "Connection: Keep-Alive\r\n".freeze
@@ -235,6 +236,8 @@ module Puma
     TRANSFER_ENCODING_CHUNKED = "Transfer-Encoding: chunked\r\n".freeze
     CLOSE_CHUNKED = "0\r\n\r\n".freeze
 
+    CHUNKED = "chunked".freeze
+
     COLON = ": ".freeze
 
     NEWLINE = "\n".freeze

Places

File chunked-request-handling.patch of Package rubygem-puma.15815

Places