mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
10c64a472f
Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633]
24 lines
551 B
Ruby
24 lines
551 B
Ruby
# frozen_string_literal: true
|
|
|
|
require "rack/body_proxy"
|
|
|
|
module ActionDispatch
|
|
class Executor
|
|
def initialize(app, executor)
|
|
@app, @executor = app, executor
|
|
end
|
|
|
|
def call(env)
|
|
state = @executor.run!(reset: true)
|
|
begin
|
|
response = @app.call(env)
|
|
returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
|
|
rescue => error
|
|
@executor.error_reporter.report(error, handled: false)
|
|
raise
|
|
ensure
|
|
state.complete! unless returned
|
|
end
|
|
end
|
|
end
|
|
end
|