Attachment 1039441 Details for Bug 1232292 – 1-6-deep_params.patch

1-6-deep_params.patch

1-6-deep_params.patch (text/plain), 3.19 KB, created by Vasyl Kaigorodov on 2015-06-16 12:46:10 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Vasyl Kaigorodov

Created: 2015-06-16 12:46:10 UTC

Size: 3.19 KB

patch

obsolete

>From 19fb02f82e6b3bb68e2de55074e9804d42892252 Mon Sep 17 00:00:00 2001
>From: Aaron Patterson <aaron.patterson@gmail.com>
>Date: Tue, 9 Jun 2015 17:07:31 -0700
>Subject: [PATCH 1/2] raise an exception if the parameters are too deep
>
>---
> lib/rack/utils.rb  | 15 +++++++++++----
> test/spec_utils.rb | 12 ++++++++++++
> 2 files changed, 23 insertions(+), 4 deletions(-)
>
>diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
>index eea8c87..3b6f69f 100644
>--- a/lib/rack/utils.rb
>+++ b/lib/rack/utils.rb
>@@ -61,6 +61,7 @@ module Rack
> 
>     class << self
>       attr_accessor :key_space_limit
>+      attr_accessor :param_depth_limit
>       attr_accessor :multipart_part_limit
>     end
> 
>@@ -68,6 +69,10 @@ module Rack
>     # This helps prevent a rogue client from flooding a Request.
>     self.key_space_limit = 65536
> 
>+    # Default depth at which the parameter parser will raise an exception for
>+    # being too deep.  This helps prevent SystemStackErrors
>+    self.param_depth_limit = 100
>+
>     # The maximum number of parts a request can contain. Accepting too many part
>     # can lead to the server running out of file handles.
>     # Set to `0` for no limit.
>@@ -126,7 +131,9 @@ module Rack
>     # normalize_params recursively expands parameters into structural types. If
>     # the structural types represented by two different parameter names are in
>     # conflict, a ParameterTypeError is raised.
>-    def normalize_params(params, name, v = nil)
>+    def normalize_params(params, name, v = nil, depth = Utils.param_depth_limit)
>+      raise RangeError if depth <= 0
>+
>       name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
>       k = $1 || ''
>       after = $' || ''
>@@ -146,14 +153,14 @@ module Rack
>         params[k] ||= []
>         raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
>         if params_hash_type?(params[k].last) && !params[k].last.key?(child_key)
>-          normalize_params(params[k].last, child_key, v)
>+          normalize_params(params[k].last, child_key, v, depth - 1)
>         else
>-          params[k] << normalize_params(params.class.new, child_key, v)
>+          params[k] << normalize_params(params.class.new, child_key, v, depth - 1)
>         end
>       else
>         params[k] ||= params.class.new
>         raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
>-        params[k] = normalize_params(params[k], after, v)
>+        params[k] = normalize_params(params[k], after, v, depth - 1)
>       end
> 
>       return params
>diff --git a/test/spec_utils.rb b/test/spec_utils.rb
>index 06ed563..c2d479f 100644
>--- a/test/spec_utils.rb
>+++ b/test/spec_utils.rb
>@@ -134,6 +134,18 @@ describe Rack::Utils do
>     }.should.not.raise
>   end
> 
>+  should "raise an exception if the params are too deep" do
>+    len = Rack::Utils.param_depth_limit
>+
>+    lambda {
>+      Rack::Utils.parse_nested_query("foo#{"[a]" * len}=bar")
>+    }.should.raise(RangeError)
>+
>+    lambda {
>+      Rack::Utils.parse_nested_query("foo#{"[a]" * (len - 1)}=bar")
>+    }.should.not.raise
>+  end
>+
>   should "parse nested query strings correctly" do
>     Rack::Utils.parse_nested_query("foo").
>       should.equal "foo" => nil
>-- 
>2.2.1
>

Actions: View

Attachments on bug 1232292: 1039440 | 1039441