diff options
author | Eric Wong <ew@80x24.org> | 2017-12-16 01:22:40 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2017-12-16 01:33:46 +0000 |
commit | 30e3c6abe542c6a9f5955e1d65896a0c3bab534f (patch) | |
tree | 5cecdf58f29e130c423e7bf7b671800f56143eec /ext/unicorn_http/unicorn_http.rl | |
parent | 1a407d78c90695c03ec6ac1e0a8b7f0e466c975e (diff) | |
download | unicorn-30e3c6abe542c6a9f5955e1d65896a0c3bab534f.tar.gz |
Hijackers may capture and reuse `env' indefinitely, so we must not use it in those cases for future requests. For non-hijack requests, we continue to reuse the `env' object to reduce memory recycling. Reported-and-tested-by: Sam Saffron <sam.saffron@gmail.com>
Diffstat (limited to 'ext/unicorn_http/unicorn_http.rl')
-rw-r--r-- | ext/unicorn_http/unicorn_http.rl | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ext/unicorn_http/unicorn_http.rl b/ext/unicorn_http/unicorn_http.rl index 357440b..283bfa2 100644 --- a/ext/unicorn_http/unicorn_http.rl +++ b/ext/unicorn_http/unicorn_http.rl @@ -26,6 +26,7 @@ void init_unicorn_httpdate(VALUE mark_ary); #define UH_FL_HASHEADER 0x100 #define UH_FL_TO_CLEAR 0x200 #define UH_FL_RESSTART 0x400 /* for check_client_connection */ +#define UH_FL_HIJACK 0x800 /* all of these flags need to be set for keepalive to be supported */ #define UH_FL_KEEPALIVE (UH_FL_KAVERSION | UH_FL_REQEOF | UH_FL_HASHEADER) @@ -607,6 +608,10 @@ static VALUE HttpParser_clear(VALUE self) { struct http_parser *hp = data_get(self); + /* we can't safely reuse .buf and .env if hijacked */ + if (HP_FL_TEST(hp, HIJACK)) + return HttpParser_init(self); + http_parser_init(hp); my_hash_clear(hp->env); @@ -813,6 +818,15 @@ static VALUE HttpParser_env(VALUE self) return data_get(self)->env; } +static VALUE HttpParser_hijacked_bang(VALUE self) +{ + struct http_parser *hp = data_get(self); + + HP_FL_SET(hp, HIJACK); + + return self; +} + /** * call-seq: * parser.filter_body(dst, src) => nil/src @@ -947,6 +961,7 @@ void Init_unicorn_http(void) rb_define_method(cHttpParser, "next?", HttpParser_next, 0); rb_define_method(cHttpParser, "buf", HttpParser_buf, 0); rb_define_method(cHttpParser, "env", HttpParser_env, 0); + rb_define_method(cHttpParser, "hijacked!", HttpParser_hijacked_bang, 0); rb_define_method(cHttpParser, "response_start_sent=", HttpParser_rssset, 1); rb_define_method(cHttpParser, "response_start_sent", HttpParser_rssget, 0); |