Date: Thu, 12 May 2016 02:31:54 +0000
From: Eric Wong
To: rack-devel@googlegroups.com
Subject: [PATCH] webrick: detect partial hijack without hash headers
Message-ID: <20160512023154.GB8332@dcvr.yhbt.net>
References: <20160511050451.GA23544@dcvr.yhbt.net> <20160512022814.GA8332@dcvr.yhbt.net>
In-Reply-To: <20160512022814.GA8332@dcvr.yhbt.net>

Response headers need not be a hash according to SPEC, so grab
the io_lambda the first time we iterate through the headers and
avoid an extra hash lookup.
---
This is related to (but applies independently of) my lint
clarification for case-sensitivity.

The following changes since commit 9073125f71afd615091f575d74ec468a0b1b79bf:

  bumping version (2016-05-06 15:51:18 -0500)

are available in the git repository at:

  git://80x24.org/rack.git webrick-header-each

for you to fetch changes up to 2c95a6e5bc18ac860ec0f7f7614ffb4aa6ad817d:

  webrick: detect partial hijack without hash headers (2016-05-12 02:23:48 +0000)

----------------------------------------------------------------
Eric Wong (1):
      webrick: detect partial hijack without hash headers

 lib/rack/handler/webrick.rb | 8 ++++----
 test/spec_webrick.rb        | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/rack/handler/webrick.rb b/lib/rack/handler/webrick.rb index 95aa892..d0fcd21 100644 --- a/lib/rack/handler/webrick.rb +++ b/lib/rack/handler/webrick.rb 
@@ -86,10 +86,11 @@ def service(req, res) status, headers, body = @app.call(env) begin res.status = status.to_i + io_lambda = nil headers.each { |k, vs| - next if k.downcase == RACK_HIJACK - - if k.downcase == "set-cookie" + if k == RACK_HIJACK + io_lambda = vs + elsif k.downcase == "set-cookie" res.cookies.concat vs.split("\n") else # Since WEBrick won't accept repeated headers, @@ -98,7 +99,6 @@ def service(req, res) end } - io_lambda = headers[RACK_HIJACK] if io_lambda rd, wr = IO.pipe res.body = rd diff --git a/test/spec_webrick.rb b/test/spec_webrick.rb index 9ae6103..4a10c1c 100644 --- a/test/spec_webrick.rb +++ b/test/spec_webrick.rb @@ -171,7 +171,7 @@ def is_running? Rack::Lint.new(lambda{ |req| [ 200, - {"rack.hijack" => io_lambda}, + [ [ "rack.hijack", io_lambda ] ], [""] ] }) -- EW -- --- You received this message because you are subscribed to the Google Groups "Rack Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
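Review bot: In the first hunk of lib/rack/handler/webrick.rb, the hijack key match changes from `k.downcase == RACK_HIJACK` to `k == RACK_HIJACK`, so a key that differs only in case is no longer skipped and instead falls through to the `else` branch as an ordinary response header. The commit message covers only the non-hash headers case; either state the case-sensitivity change there, or keep the match case-insensitive until the related lint clarification has landed. Also, with an array of pairs the key can appear more than once and the last `io_lambda = vs` silently wins; consider rejecting duplicates or documenting that behaviour.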
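Review bot: In test/spec_webrick.rb, replacing `{"rack.hijack" => io_lambda}` with `[ [ "rack.hijack", io_lambda ] ]` means this spec no longer exercises partial hijack with a hash of headers. Keep the hash case and add the array-of-pairs case beside it, so that both header shapes are covered by the `headers.each` path.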