author | Dirkjan Bussink <d.bussink@gmail.com> | 2021-03-08 09:51:09 +0100 |
---|---|---|
committer | Eric Wong <bofh@yhbt.net> | 2021-03-13 02:19:04 +0000 |
commit | c917ac526df214611ec33c21de2b070452ec8434 (patch) | |
tree | 627b9c3050e2533bde08766473ed045f49c967b7 /lib/unicorn/http_server.rb | |
parent | 5cdb68eb26faf7fd75fbf3ab1fadcf2a30fd4974 (diff) | |
download | unicorn-c917ac526df214611ec33c21de2b070452ec8434.tar.gz |
This removes the reuse of the parser between requests. Reusing these is risky in the context of running any other threads within the unicorn process, also for threads that run background tasks. If any other thread accidentally grabs hold of the request it can modify things for the next request in flight. The downside here is that we allocate more for each request, but that is worth the trade off here and the security risk we otherwise would carry to leaking wrong and incorrect data.
Diffstat (limited to 'lib/unicorn/http_server.rb')
-rw-r--r-- | lib/unicorn/http_server.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/unicorn/http_server.rb b/lib/unicorn/http_server.rb index c0f14ba..22f067f 100644 --- a/lib/unicorn/http_server.rb +++ b/lib/unicorn/http_server.rb @@ -69,7 +69,6 @@ class Unicorn::HttpServer # incoming requests on the socket. def initialize(app, options = {}) @app = app - @request = Unicorn::HttpRequest.new @reexec_pid = 0 @default_middleware = true options = options.dup @@ -621,6 +620,7 @@ class Unicorn::HttpServer # once a client is accepted, it is processed in its entirety here # in 3 easy steps: read request, call app, write app response def process_client(client) + @request = Unicorn::HttpRequest.new env = @request.read(client) if early_hints |
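Review bot: In the `initialize` hunk (`@@ -69,7 +69,6`), dropping `@request = Unicorn::HttpRequest.new` leaves `@request` unset until the first `process_client` call, so anything in the class that reads `@request` before a client is accepted now sees `nil` instead of a parser. Please confirm that `process_client` is the only reader. If it is, the instance variable is no longer needed at all and could be removed rather than just moved.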
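Review bot: In the `process_client` hunk (`@@ -621,6 +620,7`), the per-request parser is still assigned to the instance variable `@request`, so it stays reachable through the server object for the whole request and afterwards until the next client is accepted, which is the kind of shared handle the commit message is worried about. If nothing outside this method needs it, a local would narrow the scope: `request = Unicorn::HttpRequest.new` followed by `env = request.read(client)`, with the later uses in the method updated to match. A one-line comment above the allocation saying that it is deliberately per client, not an oversight, would also keep it from being hoisted back into `initialize` as an allocation optimisation.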