about summary refs log tree commit homepage
diff options
context:
space:
mode:
authorEric Wong <normalperson@yhbt.net>2010-04-19 13:47:29 -0700
committerEric Wong <normalperson@yhbt.net>2010-04-19 13:47:29 -0700
commit3d0558d7c80c63bab48eb561fdb7e3d580428b01 (patch)
treebd0595db29dea2d8c67e4410367ebc218b40fbe0
parentd5d5658b927798c9f5c4aab9808c3c4386a51f14 (diff)
downloadrainbows-3d0558d7c80c63bab48eb561fdb7e3d580428b01.tar.gz
This release fixes a denial-of-service vector for deployments
exposed directly to untrusted clients.

The HTTP parser in Unicorn <= 0.97.0 would trip an assertion
(killing the associated worker process) on invalid
Content-Length headers instead of raising an exception.  Since
Rainbows! and Zbatery supports multiple clients per worker
process, all clients connected to the worker process that hit
the assertion would be aborted.

Deployments behind nginx are _not_ affected by this bug, as
nginx will reject clients that send invalid Content-Length
headers.

The status of deployments behind other HTTP-aware proxies is
unknown.  Deployments behind a non-HTTP-aware proxy (or no proxy
at all) are certainly affected by this DoS.

Users are strongly encouraged to upgrade as soon as possible,
there are no other changes besides this bug fix from Rainbows!
0.91.0 nor Unicorn 0.97.0

This bug affects all previously released versions of Rainbows!
and Zbatery.
-rwxr-xr-xGIT-VERSION-GEN2
-rw-r--r--lib/rainbows/const.rb2
-rw-r--r--rainbows.gemspec6
3 files changed, 5 insertions, 5 deletions
diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index 366063e..95d54f9 100755
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v0.91.0.GIT
+DEF_VER=v0.91.1.GIT
 
 LF='
 '
diff --git a/lib/rainbows/const.rb b/lib/rainbows/const.rb
index 4250866..99fb257 100644
--- a/lib/rainbows/const.rb
+++ b/lib/rainbows/const.rb
@@ -3,7 +3,7 @@
 module Rainbows
 
   module Const
-    RAINBOWS_VERSION = '0.91.0'
+    RAINBOWS_VERSION = '0.91.1'
 
     include Unicorn::Const
 
diff --git a/rainbows.gemspec b/rainbows.gemspec
index 0fda618..579088f 100644
--- a/rainbows.gemspec
+++ b/rainbows.gemspec
@@ -41,9 +41,9 @@ Gem::Specification.new do |s|
   s.test_files = test_files
 
   # we need Unicorn for the HTTP parser and process management
-  # The HTTP parser in Unicorn < 0.96.1 did not use the Ruby
-  # API correctly and resulted in a memory leak
-  s.add_dependency(%q<unicorn>, ["~> 0.97.0"])
+  # The HTTP parser in Unicorn <= 0.97.0 was vulnerable to a remote DoS
+  # when exposed directly to untrusted clients.
+  s.add_dependency(%q<unicorn>, ["~> 0.97.1"])
 
   # Unicorn already depends on Rack
   # s.add_dependency(%q<rack>)