Bug #10591
Closed
Net::HTTPResponse#read_status_line does not throw Net::HTTPBadResponse with some malformed responses.
Description
The offending line of code appears to be this: https://github.com/ruby/ruby/blob/448c87008e1bc66a93b8f21eedea060f281874a4/lib/net/http/response.rb#L40
The regular expression for matching the status line uses \s* to match the space between the response code and message. This is erroneous because when given a malformed status line like HTTP/1.1 1234 it parses the response code as 123 and the message as 4.
Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1
Updated by leriksen (Leif Eriksen) about 10 years ago
https://github.com/ruby/ruby/pull/782
update regex to require one or more spaces (changed from zero or more) between the status code and the reason code.
RFC2616 says
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
http://grokbase.com/t/apache/dev/085mz81ecq/empty-reason-phrase-bz-44995-45092
Reason-Phrase = *
This seems to imply that the Reason-Phrase can be empty.
Updated test case to catch any regressions if the regex is changed at this point again.
Updated by naruse (Yui NARUSE) about 10 years ago
- Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED
Updated by naruse (Yui NARUSE) about 10 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
Applied in changeset r48948.
- lib/net/http/response.rb (Net::HTTPResponse): require one or more
spaces [Bug #10591].
by leriksen leif.eriksen.au@gmail.com
https://github.com/ruby/ruby/pull/782 fix GH-782
NOTE: graph.facebook.com returns without SP Reason-Phrase.
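Added example, not part of the issue thread or the Ruby source: a zero-or-more-spaces status-line pattern next to a one-or-more-spaces pattern whose Reason-Phrase is optional, run over constructed status lines. The two regexes, `BadStatusLine`, `parse_status_line` and `outcome` are assumptions written for this illustration; the shipped pattern lives in lib/net/http/response.rb.

```ruby
# Simplified stand-ins for the two behaviours discussed in this issue
# (assumed shapes, not copied from lib/net/http/response.rb).
# LENIENT: zero or more spaces between Status-Code and Reason-Phrase.
LENIENT = /\AHTTP(?:\/(\d+\.\d+))?\s+(\d\d\d)\s*(.*)\z/
# STRICT: one or more spaces, and the whole "SP Reason-Phrase" part optional.
STRICT  = /\AHTTP(?:\/(\d+\.\d+))?\s+(\d\d\d)(?:\s+(.*))?\z/

# Hypothetical stand-in for Net::HTTPBadResponse.
class BadStatusLine < StandardError; end

# Returns [http_version, status_code, reason_phrase] or raises BadStatusLine.
def parse_status_line(line, pattern)
  m = pattern.match(line.chomp) or
    raise BadStatusLine, "wrong status line: #{line.dump}"
  m.captures
end

# Same as parse_status_line, but reports a rejection as :rejected.
def outcome(line, pattern)
  parse_status_line(line, pattern)
rescue BadStatusLine
  :rejected
end

# Constructed sample status lines (not captured traffic).
SAMPLES = [
  "HTTP/1.1 200 OK\r\n",        # well-formed
  "HTTP/1.1 200\r\n",           # no SP and no Reason-Phrase (the NOTE's case)
  "HTTP/1.1 1234\r\n",          # malformed: four-digit status code
  "HTTP/1.1 404Not Found\r\n",  # malformed: no SP after the status code
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |line|
    puts format("%-28s lenient=%-26p strict=%p",
                line.dump, outcome(line, LENIENT), outcome(line, STRICT))
  end
end
```

The lenient pattern silently turns `1234` into code `123` with reason `4`, while the strict one rejects it and still accepts a status line that ends right after the three-digit code.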
Updated by naruse (Yui NARUSE) about 10 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONE
ruby_2_2 r48952 merged revision(s) 48948.
Updated by usa (Usaku NAKAMURA) almost 10 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONE to 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONE
Backported into ruby_2_0_0 at r49250.
Updated by nagachika (Tomoyuki Chikanaga) almost 10 years ago
- Backport changed from 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONE to 2.0.0: DONE, 2.1: DONE, 2.2: DONE
Backported into ruby_2_1 branch at r49652.