diff options
author | Eric Wong <normalperson@yhbt.net> | 2010-12-08 22:02:45 +0000 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-12-09 06:34:37 +0800 |
commit | 3b2fc62dadd3c90038c168849b33c4ca6df058da (patch) | |
tree | 2724ad66053bd63b433c69b3b7bf8821351f71eb /lib/unicorn/tee_input.rb | |
parent | 52f55529293e466a77090691d1fe06a7933c74a1 (diff) | |
download | unicorn-3b2fc62dadd3c90038c168849b33c4ca6df058da.tar.gz |
In case a request sends the header and buffer as one packet, TeeInput relying on accounting info from StreamInput is harmful as StreamInput will buffer in memory outside of TeeInput's control. This bug is triggered by calling env["rack.input"].size or env["rack.input"].rewind before to read.
Diffstat (limited to 'lib/unicorn/tee_input.rb')
-rw-r--r-- | lib/unicorn/tee_input.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/unicorn/tee_input.rb b/lib/unicorn/tee_input.rb index ee3effd..53f6ebf 100644 --- a/lib/unicorn/tee_input.rb +++ b/lib/unicorn/tee_input.rb @@ -43,10 +43,10 @@ class Unicorn::TeeInput < Unicorn::StreamInput # specified +length+ in a loop until it returns +nil+. def size @len and return @len - pos = @bytes_read + pos = @tmp.pos consume! @tmp.pos = pos - @len = @bytes_read + @len = @tmp.size end # :call-seq: @@ -92,7 +92,7 @@ class Unicorn::TeeInput < Unicorn::StreamInput # the offset (zero) of the +ios+ pointer. Subsequent reads will # start from the beginning of the previously-buffered input. def rewind - return 0 if @bytes_read == 0 + return 0 if 0 == @tmp.size consume! if @socket @tmp.rewind # Rack does not specify what the return value is here end |