[#89555] [Ruby trunk Feature#15251] Hash aset should deduplicate non tainted string — chopraanmol1@...
Issue #15251 has been updated by chopraanmol1 (Anmol Chopra).
3 messages
2018/10/25
[#89583] [PATCH] vm_trace.c (postponed_job_register): only hit main thread — Eric Wong <normalperson@...>
@hsbt: I post here on ruby-core because I hit errors with
5 messages
2018/10/27
[#89584] Re: [PATCH] vm_trace.c (postponed_job_register): only hit main thread
— Koichi Sasada <ko1@...>
2018/10/27
thank you for you patch.
[#89590] Re: [PATCH] vm_trace.c (postponed_job_register): only hit main thread
— Eric Wong <normalperson@...>
2018/10/28
Koichi Sasada <ko1@atdot.net> wrote:
[#89621] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — Greg.mpls@...
Issue #14867 has been updated by MSP-Greg (Greg L).
4 messages
2018/10/29
[#89622] Re: [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process
— Eric Wong <normalperson@...>
2018/10/29
Greg.mpls@gmail.com wrote:
[#89627] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — takashikkbn@...
Issue #14867 has been updated by k0kubun (Takashi Kokubun).
3 messages
2018/10/30
[#89654] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — takashikkbn@...
Issue #14867 has been updated by k0kubun (Takashi Kokubun).
4 messages
2018/10/31
[#89655] Re: [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process
— Eric Wong <normalperson@...>
2018/10/31
takashikkbn@gmail.com wrote:
[ruby-core:89234] [Ruby trunk Bug#15187] IPv6 x-forwarded-host results in "bad URI" error
From:
kwintersnc@...
Date:
2018-10-01 13:45:14 UTC
List:
ruby-core #89234
Issue #15187 has been reported by kwinters (Ken Winters).
----------------------------------------
Bug #15187: IPv6 x-forwarded-host results in "bad URI" error
https://bugs.ruby-lang.org/issues/15187
* Author: kwinters (Ken Winters)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v:
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
A request that normally works with IPv4 is failing for IPv6. The webrick server is running behind Apache2, which is setting the x-forwarded-* headers.
```
$ curl -k https://[fd20:8b1e:b255:8154:250:56ff:fea8:4d84]/something
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<HTML>
<HEAD><TITLE>Bad Request</TITLE></HEAD>
<BODY>
<H1>Bad Request</H1>
bad URI `/api/v3/versions'.
<HR>
<ADDRESS>
WEBrick/1.3.1 (Ruby/2.3.3/2016-11-21) at
DCU-ADM1-178:4567
</ADDRESS>
</BODY>
</HTML>
```
I added some logging to httprequest.rb to output the headers:
(fails) x-forwarded-host: [fd20:8b1e:b255:8154:250:56ff:fea8:4d84]
(works) x-forwarded-host: 10.224.3.178
The bug appears to be in here:
```
def setup_forwarded_info
if @forwarded_server = self["x-forwarded-server"]
@forwarded_server = @forwarded_server.split(",", 2).first
end
@forwarded_proto = self["x-forwarded-proto"]
if host_port = self["x-forwarded-host"]
host_port = host_port.split(",", 2).first
@forwarded_host, tmp = host_port.split(":", 2) # HERE
@forwarded_port = (tmp || (@forwarded_proto == "https" ? 443 : 80)).to_i
end
if addrs = self["x-forwarded-for"]
addrs = addrs.split(",").collect(&:strip)
addrs.reject!{|ip| PrivateNetworkRegexp =~ ip }
@forwarded_for = addrs.first
end
end
```
Changing it to remove the split avoids the bug, but this simpler implementation doesn't support a port.
```
if host_port = self["x-forwarded-host"]
host_port = host_port.split(",", 2).first
@forwarded_host = host_port # Dropped the split on :
@forwarded_port = @forwarded_proto == "https" ? 443 : 80
end
```
Originally filed as https://github.com/ruby/webrick/issues/11 before the bug submission link was updated.
--
https://bugs.ruby-lang.org/
Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>