[#59462] [ruby-trunk - Bug #9342][Open] [PATCH] SizedQueue#clear does not notify waiting threads in Ruby 1.9.3 — "jsc (Justin Collins)" <redmine@...>

9 messages 2014/01/02

[#59466] [ruby-trunk - Bug #9343][Open] [PATCH] SizedQueue#max= wakes up waiters properly — "normalperson (Eric Wong)" <normalperson@...>

11 messages 2014/01/02

[#59498] [ruby-trunk - Bug #9352][Open] [BUG] rb_sys_fail_str(connect(2) for [fe80::1%lo0]:3000) - errno == 0 — "kain (Claudio Poli)" <claudio@...>

10 messages 2014/01/03

[#59516] [ruby-trunk - Bug #9356][Open] TCPSocket.new does not seem to handle INTR — "charliesome (Charlie Somerville)" <charliesome@...>

48 messages 2014/01/03

[#59538] [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed — "shyouhei (Shyouhei Urabe)" <shyouhei@...>

33 messages 2014/01/03
[#59582] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed — SASADA Koichi <ko1@...> 2014/01/06

Intersting challenge.

[#59541] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed — Eric Wong <normalperson@...> 2014/01/04

Hi, I noticed a trivial typo in array.c, and it fails building struct.c

[#59583] [ruby-trunk - Bug #9367][Open] REXML::XmlDecl doesn't use user specified quotes — "bearmini (Takashi Oguma)" <bear.mini@...>

12 messages 2014/01/06

[#59642] [ruby-trunk - Bug #9384][Open] Segfault in ruby 2.1.0p0 — "cbliard (Christophe Bliard)" <christophe.bliard@...>

11 messages 2014/01/08

[#59791] About unmarshallable DRb objects life-time — Rodrigo Rosenfeld Rosas <rr.rosas@...>

A while ago I created a proof-of-concept that I intended to use in my

16 messages 2014/01/15
[#59794] Re: About unmarshallable DRb objects life-time — Eric Hodel <drbrain@...7.net> 2014/01/15

On 15 Jan 2014, at 11:58, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:

[#59808] Re: About unmarshallable DRb objects life-time — Rodrigo Rosenfeld Rosas <rr.rosas@...> 2014/01/16

Em 15-01-2014 19:42, Eric Hodel escreveu:

[#59810] Re: About unmarshallable DRb objects life-time — Eric Hodel <drbrain@...7.net> 2014/01/16

On 16 Jan 2014, at 02:15, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:

[#59826] Re: About unmarshallable DRb objects life-time — Rodrigo Rosenfeld Rosas <rr.rosas@...> 2014/01/17

Em 16-01-2014 19:43, Eric Hodel escreveu:

[#59832] Re: About unmarshallable DRb objects life-time — Eric Hodel <drbrain@...7.net> 2014/01/17

On 17 Jan 2014, at 04:22, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:

[ruby-core:60261] [ruby-trunk - Bug #5418] Some properties of WEBrick::HTTPRequest could be malformed

From: shibata.hiroshi@...
Date: 2014-01-30 06:16:31 UTC
List: ruby-core #60261
Issue #5418 has been updated by Hiroshi SHIBATA.

Target version changed from 2.1.0 to current: 2.2.0

----------------------------------------
Bug #5418: Some properties of WEBrick::HTTPRequest could be malformed
https://bugs.ruby-lang.org/issues/5418#change-44740

* Author: Hiroshi Nakamura
* Status: Assigned
* Priority: Normal
* Assignee: Hiroshi Nakamura
* Category: lib
* Target version: current: 2.2.0
* ruby -v: -
* Backport: 
----------------------------------------
Original reported issue: CVE-2011-3187

Users may expect that properties of WEBrick::HTTPRequest to be not
malformed/faked. But at the fact, in current implementation, following
properties can be malformed and faked by HTTP header sent by attacker.

 - HTTPRequest#host
  - can be malformed/faked by 'x-forwarded-host'
  - can be faked by 'Host'

 - HTTPRequest#port
  - can be faked by 'Host'

 - HTTPRequest#server_name
  - can be malformed/faked by 'x-forwarded-server'

 - HTTPRequest#remote_ip
  - can be malformed/faked by 'x-forwarded-for' and 'client-ip'

 - HTTPRequest#ssl?
  - can be faked by 'Host'

 - HTTPRequest#meta_vars (Hash of meta vars such as 'REQUEST_URI')
  - can be malformed/faked by some HTTP headers

Here's the list of reason why we're thinking it's not a
high-priority security bug at this moment.

 - For faked data issue, we don't have a way to guarantee that it's not
  faked. So developers of HTTPRequest must aware of that.

 - For malformed data issue, it should be a bug of HTTPRequest to be
  fixed, but it's the same problem for x-forwarded-host,
  x-forwarded-server and client-ip. We're offering those data in as-is
  basis from HTTP header so we can expect users handle the data
  properly for their purpose (for dumping to xterm, embedding to HTML,
  etc.)

 - And the fix for this bug would be a little complex for quick-fix
  because it's not only x-forwarded-for which causes this issue.
  'client-ip' needs care, too. Documentation would be enough for
  server_name. We think we need general development cycle for fixing
  it.

ref:
https://bugzilla.novell.com/show_bug.cgi?id=673010
http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html




-- 
http://bugs.ruby-lang.org/

In This Thread