authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-12-17 07:03:57 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-12-17 07:03:57 +0000
commite22edfe9655ac36bc335d55068201f5751611c85 (patch)
treec039ee1a23b5b8fa6de191bfdc3476578f37407a /lib
parentfc6679437861a5dfd842c698a2b3238548a9debc (diff)
* lib/webrick/httprequest.rb, lib/webrick/cgi.rb: Request-Line or
header fields should be read with maximum length. [ruby-talk:231745] git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r--lib/webrick/cgi.rb4
-rw-r--r--lib/webrick/httprequest.rb13
2 files changed, 10 insertions, 7 deletions
diff --git a/lib/webrick/cgi.rb b/lib/webrick/cgi.rb
index ff140ca84..8e43ac570 100644
--- a/lib/webrick/cgi.rb
+++ b/lib/webrick/cgi.rb
@@ -196,8 +196,8 @@ module WEBrick
[nil, @server_port, @server_name, @server_addr]
end
- def gets(eol=LF)
- input.gets(eol)
+ def gets(eol=LF, size=nil)
+ input.gets(eol, size)
end
def read(size=nil)
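Review bot: The new `size` parameter on `gets` is undocumented, and its `nil` default means any caller that omits it still reads a line of unbounded length from `input`. A short comment above the method would make that explicit, for example `# size: maximum number of bytes to read for one line; nil means no limit, so callers handling untrusted input should pass one`. Whether `input` always accepts the two-argument form of `gets` cannot be confirmed from this hunk.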
diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
index 2dca0655d..430054bb2 100644
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@@ -219,7 +219,10 @@ module WEBrick
private
def read_request_line(socket)
- @request_line = read_line(socket) if socket
+ @request_line = read_line(socket, 1024) if socket
+ if @request_line.size >= 1024 and @request_line[-1, 1] != LF
+ raise HTTPStatus::RequestURITooLarge
+ end
@request_time = Time.now
raise HTTPStatus::EOFError unless @request_line
if /^(\S+)\s+(\S+)(?:\s+HTTP\/(\d+\.\d+))?\r?\n/mo =~ @request_line
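Review bot: The added length check in read_request_line calls `@request_line.size` before the existing `raise HTTPStatus::EOFError unless @request_line` guard, so a nil request line now fails with NoMethodError instead of EOFError. That happens when `socket` is nil, and also when `read_line` returns nil, which `_read_data` does on `Errno::ECONNRESET`. Moving the EOF guard directly after the read, or writing the condition as `if @request_line and @request_line.size >= 1024 and @request_line[-1, 1] != LF`, keeps the original error path. The literal `1024` also appears twice and would be safer as one named constant, so the read limit and the comparison cannot drift apart. The method body continues past the end of this hunk.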
@@ -317,10 +320,10 @@ module WEBrick
@remaining_size = 0
end
- def _read_data(io, method, arg)
+ def _read_data(io, method, *arg)
begin
WEBrick::Utils.timeout(@config[:RequestTimeout]){
- return io.__send__(method, arg)
+ return io.__send__(method, *arg)
}
rescue Errno::ECONNRESET
return nil
@@ -329,8 +332,8 @@ module WEBrick
end
end
- def read_line(io)
- _read_data(io, :gets, LF)
+ def read_line(io, size=4096)
+ _read_data(io, :gets, LF, size)
end
def read_data(io, size)
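Review bot: `read_line` now caps each `gets` call at a default of 4096 bytes, but nothing in this hunk tells the caller that a line was cut short. Unlike the request-line path, which checks for a missing trailing `LF`, callers using the default (presumably the header reader, which is not part of this diff) would receive the rest of an over-long line as if it were the next line. The per-line cap also does not bound the total size of all header lines. Consider checking `line[-1, 1] != LF` where header lines are consumed and rejecting the request, and adding a comment such as `# size: per-line byte limit; a result of that length without a trailing LF was truncated`. A named constant in place of the literal `4096` would document the limit.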