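--- a/UNKNOWN_PATH_1_NOT_ON_PAGE
+++ b/UNKNOWN_PATH_1_NOT_ON_PAGE
@@ -574,7 +574,11 @@ def read_chunked(socket, block)
 block . call ( data )
 end while ( chunk_size -= sz ) > 0
 
-read_line ( socket ) # skip CRLF
+line = read_line ( socket ) # skip CRLF
+unless line == "\r \n "
+raise HTTPStatus ::BadRequest , "extra data after chunk `#{ line } '."
+end
+
 chunk_size , = read_chunk_size ( socket )
 end
 read_header ( socket ) # trailer + CRLF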
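Review bot: The message built on the `raise HTTPStatus ::BadRequest` line interpolates `line` — bytes the client sent, CRLF included — verbatim into an exception that is normally logged and rendered into the error response, so a multi-line or control-character-laden value ends up in the log and the reply as-is; `raise HTTPStatus::BadRequest, "extra data after chunk #{line.inspect}."` escapes it and keeps the entry on one line. The length of `line` is presumably capped by read_line's read size — worth confirming, because otherwise the message is unbounded. It is also worth confirming what read_line returns on EOF or connection reset; if it can be nil the comparison still raises BadRequest, which is acceptable but deserves a one-line comment. read_chunked starts and ends outside the hunk.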
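--- a/UNKNOWN_PATH_2_NOT_ON_PAGE
+++ b/UNKNOWN_PATH_2_NOT_ON_PAGE
@@ -423,6 +423,29 @@ def test_bad_chunked
 end
 end
 
+def test_bad_chunked_extra_data
+msg = <<~HTTP
+POST /path HTTP/1.1\r
+Transfer-Encoding: chunked\r
+\r
+3\r
+ABCthis-all-gets-ignored\r
+0\r
+\r
+HTTP
+req = WEBrick ::HTTPRequest . new ( WEBrick ::Config ::HTTP )
+req . parse ( StringIO . new ( msg ) )
+assert_raise ( WEBrick ::HTTPStatus ::BadRequest ) { req . body }
+
+# chunked req.body_reader
+req = WEBrick ::HTTPRequest . new ( WEBrick ::Config ::HTTP )
+req . parse ( StringIO . new ( msg ) )
+dst = StringIO . new
+assert_raise ( WEBrick ::HTTPStatus ::BadRequest ) do
+IO . copy_stream ( req . body_reader , dst )
+end
+end
+
 def test_null_byte_in_header
 msg = <<~HTTP . gsub ( "\n " , "\r \n " )
  POST /path HTTP/1.1\r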
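Review bot: The request construction and parse are written out twice in test_bad_chunked_extra_data, once before `req . body` and again before the `body_reader` copy, which makes the two halves drift easily when the fixture changes; a local lambda such as `parse = -> { WEBrick::HTTPRequest.new(WEBrick::Config::HTTP).tap { |r| r.parse(StringIO.new(msg)) } }` keeps both assertions parallel and lets further malformed-chunk variants be added as one-liners. A short comment above `msg` saying that the bytes after `ABC` must be rejected rather than silently skipped would also state the intent the test exists to pin. test_null_byte_in_header continues outside the hunk.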