+++ This bug was initially created as a clone of Bug #212237 +++
Jeremy Kemper mailed this information to vendor-sec:
Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5
when the input stream returns "" (empty string) instead of nil on EOF.
Certain malformed multipart requests leave the parser in a non-terminating
state, leaving the program vulnerable to denial of service attack. The fix
more carefully checks for input stream EOF.
affected: standalone CGI, Mongrel
unaffected: FastCGI, mod_ruby, WEBrick
This fully closes a previously-reported but partially-fixed vulnerability:
-- Additional comment from bressers on 2006-10-25 15:28 EST --
Created an attachment (id=139389)
-- Additional comment from bressers on 2006-10-26 13:26 EST --
This issue also affects FC5
fixed in 1.8.5-4.fc6 and 1.8.5-1.fc5.
ruby-1.8.5-4.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.