RubyForge: Mongrel: File Release Notes and Changelog

Notes:
Release Name: 0.97.1

Notes:
Unicorn is an HTTP server for Rack applications designed to only serve
fast clients on low-latency, high-bandwidth connections and take
advantage of features in Unix/Unix-like kernels.  Slow clients should
only be served by placing a reverse proxy capable of fully buffering
both the the request and response in between Unicorn and slow clients.

* http://unicorn.bogomips.org/
* mongrel-unicorn@rubyforge.org
* git://git.bogomips.org/unicorn.git

Changes:

This release fixes a denial-of-service vector for derived
servers exposed directly to untrusted clients.

This bug does not affect most Unicorn deployments as Unicorn is
only supported with trusted clients (such as nginx) on a LAN.
nginx is known to reject clients that send invalid
Content-Length headers, so any deployments on a trusted LAN
and/or behind nginx are safe.

Servers affected by this bug include (but are not limited to)
Rainbows! and Zbatery.  This bug does not affect Thin nor
Mongrel, as neither got the request body filtering treatment
that the Unicorn HTTP parser got in August 2009.

The bug fixed in this release could result in a
denial-of-service as it would trigger a process-wide assertion
instead of raising an exception.  For servers such as
Rainbows!/Zbatery that serve multiple clients per worker
process, this could abort all clients connected to the
particular worker process that hit the assertion.



Changes:
 GIT-VERSION-GEN                  |    2 +-
 ext/unicorn_http/c_util.h        |    8 ++++++--
 lib/unicorn/const.rb             |    2 +-
 test/unit/test_http_parser_ng.rb |   20 ++++++++++++++++++++
 4 files changed, 28 insertions(+), 4 deletions(-)

commit 3ce92574b356e4cb054b1291e1f035173420f12a
Author: Eric Wong 
Date:   Mon Apr 19 13:50:40 2010 -0700

    unicorn 0.97.1 - fix HTTP parser for Rainbows!/Zbatery
    
    This release fixes a denial-of-service vector for derived
    servers exposed directly to untrusted clients.
    
    This bug does not affect most Unicorn deployments as Unicorn is
    only supported with trusted clients (such as nginx) on a LAN.
    nginx is known to reject clients that send invalid
    Content-Length headers, so any deployments on a trusted LAN
    and/or behind nginx are safe.
    
    Servers affected by this bug include (but are not limited to)
    Rainbows! and Zbatery.  This bug does not affect Thin nor
    Mongrel, as neither got the request body filtering treatment
    that the Unicorn HTTP parser got in August 2009.
    
    The bug fixed in this release could result in a
    denial-of-service as it would trigger a process-wide assertion
    instead of raising an exception.  For servers such as
    Rainbows!/Zbatery that serve multiple clients per worker
    process, this could abort all clients connected to the
    particular worker process that hit the assertion.

commit e2c16da9ddf2572887f29f9a7d1165531cacbcbd
Author: Eric Wong 
Date:   Mon Apr 19 13:40:37 2010 -0700

    http: negative/invalid Content-Length raises exception
    
    ...instead of tripping an assertion.
    
    This fixes a potential denial-of-service for servers exposed directly
    to untrusted clients.
    
    This bug does not affect supported Unicorn deployments as Unicorn is
    only supported with trusted clients (such as nginx) on a LAN.  nginx is
    known to reject clients that send invalid Content-Length headers, so any
    deployments on a trusted LAN and/or behind nginx are safe.
    
    Servers affected by this bug include (but are not limited to) Rainbows!
    and Zbatery.  This does not affect Thin nor Mongrel which never got
    request body filtering treatment that the Unicorn HTTP parser got in
    August 2009.