Bug #10591

closed

Net::HTTPResponse#read_status_line does not throw Net::HTTPBadResponse with some malformed responses.

Added by Anonymous about 10 years ago. Updated almost 10 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin12.0]
[ruby-core:66791]

Description

The offending line of code appears to be this: https://github.com/ruby/ruby/blob/448c87008e1bc66a93b8f21eedea060f281874a4/lib/net/http/response.rb#L40

The regular expression for matching the status line uses \s* to match the space between the response code and message. This is erroneous because when given a malformed status line like HTTP/1.1 1234 it parses the response code as 123 and the message as 4.

Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1

Updated by leriksen (Leif Eriksen) about 10 years ago

https://github.com/ruby/ruby/pull/782

Update regex to require one or more spaces (changed from zero or more) between the status code and the reason code.

RFC2616 says
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF

http://grokbase.com/t/apache/dev/085mz81ecq/empty-reason-phrase-bz-44995-45092
Reason-Phrase = *
This seems to imply that the Reason-Phrase can be empty.

Updated test case to catch any regressions if the regex is changed at this point again.
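
The parsing difference discussed in this thread, as an added Ruby example that is not part of the issue or of Ruby's own source. The two patterns are assumptions modelled on the description (zero-or-more versus one-or-more whitespace after the three-digit code), `BadStatusLine` is a hypothetical stand-in for Net::HTTPBadResponse, and the status lines are constructed samples.

```ruby
# Added illustration. Both patterns are assumptions based on the thread's
# description, not copied from lib/net/http/response.rb.
LENIENT = /\AHTTP(?:\/(\d+\.\d+))?\s+(\d\d\d)\s*(.*)\z/i        # zero or more spaces
STRICT  = /\AHTTP(?:\/(\d+\.\d+))?\s+(\d\d\d)(?:\s+(.*))?\z/i   # one or more, reason optional

# Hypothetical stand-in for Net::HTTPBadResponse.
class BadStatusLine < StandardError; end

# Returns [http_version, status_code, reason_phrase] or raises BadStatusLine.
def parse_status_line(line, pattern)
  m = pattern.match(line.chomp) or
    raise BadStatusLine, "wrong status line: #{line.dump}"
  m.captures
end

# Parses one line with both patterns; a rejection is reported as :rejected.
# Result order is [lenient_result, strict_result].
def compare(line)
  [LENIENT, STRICT].map do |pattern|
    begin
      parse_status_line(line, pattern)
    rescue BadStatusLine
      :rejected
    end
  end
end

# Constructed sample status lines.
SAMPLES = [
  "HTTP/1.1 200 OK\r\n",   # well formed
  "HTTP/1.1 404\r\n",      # no reason phrase
  "HTTP/1.1 1234\r\n",     # four-digit code from the bug report
  "HTTP/1.1 200OK\r\n"     # missing space before the reason phrase
].freeze

if __FILE__ == $0
  SAMPLES.each do |line|
    lenient, strict = compare(line)
    puts "#{line.dump}\n  lenient: #{lenient.inspect}\n  strict:  #{strict.inspect}"
  end
end
```

With the lenient pattern a client silently acts on status 123 for a line the server sent as 1234; the strict pattern turns that into a parse error while still accepting a status line that has no reason phrase.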

Updated by naruse (Yui NARUSE) about 10 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED

Updated by naruse (Yui NARUSE) about 10 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

Applied in changeset r48948.


Updated by naruse (Yui NARUSE) about 10 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONE

ruby_2_2 r48952 merged revision(s) 48948.

Updated by usa (Usaku NAKAMURA) almost 10 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONE to 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONE

Backported into ruby_2_0_0 at r49250.

Updated by nagachika (Tomoyuki Chikanaga) almost 10 years ago

  • Backport changed from 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONE to 2.0.0: DONE, 2.1: DONE, 2.2: DONE

Backported into ruby_2_1 branch at r49652.
