| commit | e2c16da9ddf2572887f29f9a7d1165531cacbcbd | |
| author | Eric Wong <normalperson@yhbt.net> | |
| Mon, 19 Apr 2010 20:40:37 +0000 (19 13:40 -0700) | ||
| committer | Eric Wong <normalperson@yhbt.net> | |
| Mon, 19 Apr 2010 20:51:28 +0000 (19 13:51 -0700) | ||
| tree | 0613d7c3ed6bbeed33fd7f33e19bb012c31da377 | treesnapshot (tar.gz zip) |
| parent | b1e90244af775cc6713a531f4194726e35df5379 | commitdiff |
http: negative/invalid Content-Length raises exception
...instead of tripping an assertion.
This fixes a potential denial-of-service for servers exposed directly
to untrusted clients.
This bug does not affect supported Unicorn deployments as Unicorn is
only supported with trusted clients (such as nginx) on a LAN. nginx is
known to reject clients that send invalid Content-Length headers, so any
deployments on a trusted LAN and/or behind nginx are safe.
Servers affected by this bug include (but are not limited to) Rainbows!
and Zbatery. This does not affect Thin nor Mongrel which never got
request body filtering treatment that the Unicorn HTTP parser got in
August 2009.
...instead of tripping an assertion.
This fixes a potential denial-of-service for servers exposed directly
to untrusted clients.
This bug does not affect supported Unicorn deployments as Unicorn is
only supported with trusted clients (such as nginx) on a LAN. nginx is
known to reject clients that send invalid Content-Length headers, so any
deployments on a trusted LAN and/or behind nginx are safe.
Servers affected by this bug include (but are not limited to) Rainbows!
and Zbatery. This does not affect Thin nor Mongrel which never got
request body filtering treatment that the Unicorn HTTP parser got in
August 2009.
| ext/unicorn_http/c_util.h | diffblobblamehistory | |
| test/unit/test_http_parser_ng.rb | diffblobblamehistory |