* lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by

'Basic' header. Long username caused the base64 String truncation in HTTP header which is not allowed. See #5046. * test/xmlrpc/test_webrick_server.rb: test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32666 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2011-07-25 13:21:49 +00:00 · 2011-07-25 13:21:49 +00:00 · 2fff0f4f71
commit 2fff0f4f71
parent 0a9b952c6f
3 changed files with 42 additions and 4 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+Mon Jul 25 22:14:37 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
+
+	* lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
+	  'Basic' header. Long username caused the base64 String truncation in
+	  HTTP header which is not allowed. See #5046.
+
+	* test/xmlrpc/test_webrick_server.rb: test it.
+
 Mon Jul 25 15:04:33 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>

 	* ext/openssl/lib/openssl.rb: End of transition period introduced by
--- a/lib/xmlrpc/client.rb
+++ b/lib/xmlrpc/client.rb
@ -493,7 +493,7 @@ module XMLRPC
      else
        a =  "#@user"
        a << ":#@password" if @password != nil
-        @auth = ("Basic " + [a].pack("m")).chomp
+        @auth = "Basic " + [a].pack("m0")
      end
    end

--- a/test/xmlrpc/test_webrick_server.rb
+++ b/test/xmlrpc/test_webrick_server.rb
@ -3,13 +3,25 @@ require 'webrick'
 require_relative 'webrick_testing'
 require "xmlrpc/server"
 require 'xmlrpc/client'
+require 'logger'

 class Test_Webrick < Test::Unit::TestCase
  include WEBrick_Testing

+  @@basic_auth = WEBrick::HTTPAuth::BasicAuth.new(
+    :Realm => 'auth',
+    :UserDB => WEBrick::HTTPAuth::Htpasswd.new(File.expand_path('./htpasswd', File.dirname(__FILE__))),
+    :Logger => Logger.new(File::NULL),
+  )
+
  def create_servlet
    s = XMLRPC::WEBrickServlet.new

+    def s.service(req, res)
+      @@basic_auth.authenticate(req, res)
+      super(req, res)
+    end
+
    s.add_handler("test.add") do |a,b|
      a + b
    end
@ -46,8 +58,6 @@ class Test_Webrick < Test::Unit::TestCase
    end

    start_server(option) {|w| w.mount('/RPC2', create_servlet) }
-
-    @s = XMLRPC::Client.new3(:port => port, :use_ssl => use_ssl)
  end

  PORT = 8070
@ -56,13 +66,33 @@ class Test_Webrick < Test::Unit::TestCase
    [false].each do |use_ssl|
      begin
        setup_http_server(PORT, use_ssl)
-        do_test
+        @s = XMLRPC::Client.new3(:port => PORT, :use_ssl => use_ssl)
+        @s.user = 'admin'
+        @s.password = 'admin'
+        silent do
+          do_test
+        end
+        @s = XMLRPC::Client.new3(:port => PORT, :use_ssl => use_ssl)
+        @s.user = '01234567890123456789012345678901234567890123456789012345678901234567890123456789'
+        @s.password = 'guest'
+        silent do
+          do_test
+        end
      ensure
        stop_server
      end
    end
  end

+  def silent
+    begin
+      back, $VERBOSE = $VERBOSE, nil
+      yield
+    ensure
+      $VERBOSE = back
+    end
+  end
+
  def do_test
    # simple call
    assert_equal 9, @s.call('test.add', 4, 5)