Open doriantaylor opened 5 years ago
Do you have an example test case to reproduce this behavior? I'm still a bit unclear on how this path is triggered.
I wrote a quick CGI script to replicate it. It's up here: https://makethingsmakesense.com/bogus-redirect.cgi . Try hitting it and you'll see the crash.
This will fix it but I'm not sure if it's the most sensible solution:
```ruby
# issue #334: you can have a response code which is in the
# "redirect" range *without* a Location header; indeed
# this may not be aggressive enough (ie perhaps we should
# also check if the header is well-formed before
# committing more resources)
if redirect? && @response_header.location
  @req.followed += 1
  @cookies.clear
  @cookies = @cookiejar.get(@response_header.location).map(&:to_s) if @req.pass_cookies
  @conn.redirect(self, @response_header.location)
else
  succeed(self)
end
```
Getting a crash scenario from a 301 without a `Location` header. What appears to happen is that `HttpConnection#redirect` gets called with `nil` as a location which creates an empty hostname. Stack trace looks like this:

• No checking for `Location` header in the client
• No subsequent checking in the connection

The result is that an instance like this is created: `#<Addressable::URI:0x2aaf7488f7a4 URI:/>`, which makes `@host` be `nil` and thus crash with the type error cited above.

This should be easy enough to patch, the only question is what precisely—policywise—to patch it with.
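One possible policy for the check discussed in this thread, written as an added example and not as code from the project or from any commenter: validate the `Location` value before anything is handed to the connection, and fall back to delivering the response as received. It uses Ruby's standard `uri` library rather than Addressable; `redirect_decision`, `REDIRECT_CODES`, the redirect limit and the sample URL are assumptions made for this sketch.

```ruby
require 'uri'

# Status codes treated as redirects in this sketch (assumption).
REDIRECT_CODES = [301, 302, 303, 307, 308].freeze

# Constructed sample request URL, used only for illustration.
SAMPLE_BASE = 'http://example.test/bogus-redirect.cgi'

# Decide what to do with a response before committing a connection to it.
# Returns [:follow, URI] when the redirect target is usable, otherwise
# [:deliver, reason] so the caller completes with the response as received.
def redirect_decision(status, location, request_uri, followed: 0, limit: 5)
  return [:deliver, :not_a_redirect] unless REDIRECT_CODES.include?(status)
  # The case from this issue: a redirect status with no Location header.
  return [:deliver, :missing_location] if location.nil? || location.strip.empty?
  return [:deliver, :too_many_redirects] if followed >= limit

  begin
    # Resolve relative references against the URL that was requested.
    target = URI.join(request_uri, location.strip)
  rescue URI::Error
    return [:deliver, :malformed_location]
  end

  # Only follow to something an HTTP connection can actually be opened to.
  return [:deliver, :unsupported_scheme] unless %w[http https].include?(target.scheme)
  return [:deliver, :no_host] if target.host.nil? || target.host.empty?

  [:follow, target]
end

# Constructed inputs: [status, Location header value].
[
  [301, nil],
  [301, '/next'],
  [302, 'http://bad host/'],
  [307, 'ftp://example.test/file']
].each do |status, location|
  puts "#{status} #{location.inspect} -> #{redirect_decision(status, location, SAMPLE_BASE).inspect}"
end
```
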