Bug #14664

closed

After upgrade to 2.4.4: header field value cannot include CR/LF

Added by davidhrbac (David Hrbáč) over 6 years ago. Updated over 6 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
ruby -v:
ruby 2.4.4p296 (2018-03-28 revision 63013) [x86_64-linux]
[ruby-core:86448]

Description

We are experiencing this issue after upgrading from ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux] to ruby 2.4.4p296 (2018-03-28 revision 63013) [x86_64-linux]. Reverting back to 2.4.3 the code works.

header field value cannot include CR/LF
/home/anselm-dashboard/.rvm/rubies/ruby-2.4.4/lib/ruby/2.4.0/net/http/header.rb:23:in `block in initialize_http_header'
/home/anselm-dashboard/.rvm/rubies/ruby-2.4.4/lib/ruby/2.4.0/net/http/header.rb:16:in `each'
/home/anselm-dashboard/.rvm/rubies/ruby-2.4.4/lib/ruby/2.4.0/net/http/header.rb:16:in `initialize_http_header'
/home/anselm-dashboard/.rvm/rubies/ruby-2.4.4/lib/ruby/2.4.0/net/http/generic_request.rb:44:in `initialize'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:62:in `new'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:62:in `create_request'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:82:in `perform_request'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:40:in `block in call'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:87:in `with_net_http_connection'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:32:in `call'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/faraday-0.9.2/lib/faraday/response.rb:8:in `call'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google-api-client-0.8.6/lib/google/api_client/request.rb:163:in `send'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google-api-client-0.8.6/lib/google/api_client.rb:648:in `block (2 levels) in execute!'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/retriable-1.4.1/lib/retriable/retry.rb:27:in `perform'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/retriable-1.4.1/lib/retriable.rb:15:in `retriable'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google-api-client-0.8.6/lib/google/api_client.rb:645:in `block in execute!'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/retriable-1.4.1/lib/retriable/retry.rb:27:in `perform'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/retriable-1.4.1/lib/retriable.rb:15:in `retriable'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google-api-client-0.8.6/lib/google/api_client.rb:636:in `execute!'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google-api-client-0.8.6/lib/google/api_client.rb:368:in `discovery_document'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google-api-client-0.8.6/lib/google/api_client.rb:413:in `discovered_api'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google_drive-1.0.6/lib/google_drive/api_client_fetcher.rb:36:in `initialize'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google_drive-1.0.6/lib/google_drive/session.rb:78:in `new'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google_drive-1.0.6/lib/google_drive/session.rb:78:in `initialize'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google_drive-1.0.6/lib/google_drive.rb:77:in `new'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/google_drive-1.0.6/lib/google_drive.rb:77:in `login_with_oauth'
/opt/anselm-dashboard/jobs/google_spreadsheet.rb:60:in `block in <top (required)>'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/rufus-scheduler-2.0.24/lib/rufus/sc/jobs.rb:230:in `trigger_block'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/rufus-scheduler-2.0.24/lib/rufus/sc/jobs.rb:204:in `block in trigger'
/home/anselm-dashboard/.rvm/gems/ruby-2.4.4/gems/rufus-scheduler-2.0.24/lib/rufus/sc/scheduler.rb:430:in `block in trigger_job'
  1 require 'google/api_client'
  2 require 'google/api_client/client_secrets'
  3 require 'google/api_client/auth/file_storage'
  4 require 'google/api_client/auth/installed_app'
  5 require 'google_drive'
  6 
  7 CELLS_ROW_NUMBER = 3
  8 CELLS_COLUMN_NUMBER = 3
  9 
 10 SUPERVISORS = {

 29 }
 30 
 31 SUPERVISORS.default = 'N/A'
 32 
 33 def authorize
 34   client = Google::APIClient.new(
 35     :application_name => 'Get Value from Google SpreadSheet for Dashing',
 36     :application_version => '1.0.0')
 37 
 38   file_storage = Google::APIClient::FileStorage.new('credential-oauth2.json')
 39   if file_storage.authorization.nil?
 40     flow = Google::APIClient::InstalledAppFlow.new(
 41       :client_id => ENV['GOOGLE_DRIVE_CLIENT_ID'],
 42       :client_secret => ENV['GOOGLE_DRIVE_CLIENT_SECRET'],
 43       :scope => %w(
 44         https://www.googleapis.com/auth/drive
 45         https://docs.google.com/feeds/
 46         https://docs.googleusercontent.com/
 47         https://spreadsheets.google.com/feeds/
 48       ),
 49     )
 50     client.authorization = flow.authorize(file_storage)
 51   else
 52     client.authorization = file_storage.authorization
 53   end
 54 
 55   client
 56 end
 57 
 58 SCHEDULER.every '10m', :first_in => 0 do |job|
 59   client = authorize
 60   session = GoogleDrive.login_with_oauth(client.authorization.access_token)
 61   people=[]
 62   for day in -1..1 do

 79   end
 80 end

Updated by naruse (Yui NARUSE) over 6 years ago

  • Status changed from Open to Rejected

It's from r61359 because HTTP doesn't allow CRLF in their header value.
I think your application was silently broken from before.

Updated by normalperson (Eric Wong) over 6 years ago

wrote:

> It's from r61359 because HTTP doesn't allow CRLF in their header value.
> I think your application was silently broken from before.

CRLF followed by leading-whitespace (LWS) should be allowed

"Host:\r\n\texample.com\r\n"
"Host:\r\n example.com\r\n"

I think it's necessary for some base64-encoded proxy
certificates embedded in headers

https://bugs.ruby-lang.org/issues/14664#change-71384
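
Added example, not part of the thread and not Net::HTTP's own code: a pre-flight audit of outgoing headers that separates the two cases discussed above, CRLF followed by leading whitespace (a folded continuation) versus a bare CR/LF that triggers the `ArgumentError` in the trace. The helper names, the unfold-to-one-space policy and the sample headers are assumptions constructed for illustration.

```ruby
# CRLF followed by SP/HTAB: the folded form shown in the comment above.
FOLD = /\r\n[ \t]+/

# Returns :clean, :folded (every CR/LF is part of a fold) or :bare_crlf.
def classify_header_value(value)
  v = value.to_s
  return :clean unless v.match?(/[\r\n]/)
  v.gsub(FOLD, ' ').match?(/[\r\n]/) ? :bare_crlf : :folded
end

# Collapse each fold to one space (policy assumed here) and refuse
# anything that still carries CR or LF, using the same message as the trace.
def unfold_header_value(value)
  unfolded = value.to_s.gsub(FOLD, ' ').strip
  if unfolded.match?(/[\r\n]/)
    raise ArgumentError, 'header field value cannot include CR/LF'
  end
  unfolded
end

# Report only the offending fields, so a failing job can log which header
# (for example one built from a token or a file read) carries the newline.
def audit_headers(headers)
  headers.each_with_object({}) do |(name, value), report|
    kind = classify_header_value(value)
    report[name] = kind unless kind == :clean
  end
end

# Constructed sample input, not taken from the reporter's application.
SAMPLE_HEADERS = {
  'Host'          => "\r\n\texample.com",           # folded, as in the comment
  'Authorization' => "Bearer constructed\ntoken",   # embedded bare LF
  'Accept'        => 'application/json',
  'X-Cert'        => "QUJD\r\n REVG"                # folded base64-style value
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_headers(SAMPLE_HEADERS).each { |name, kind| puts "#{name}: #{kind}" }
end
```

Running the audit before the request is built turns the deep Net::HTTP backtrace into a one-line report naming the header to fix.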
