Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: ensures timeouts are correctly used on connect (#13455)

This commit is contained in:
Joffrey JAFFEUX 2021-06-21 17:34:01 +02:00 committed by GitHub
parent 515fd8a4c3
commit e50b7e9111
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/final_destination.rb
View File

@ -196,6 +196,7 @@ class FinalDestination
response = Excon.public_send(@http_verb, response = Excon.public_send(@http_verb,
@uri.to_s, @uri.to_s,
read_timeout: timeout, read_timeout: timeout,
connect_timeout: timeout,
headers: headers, headers: headers,
middlewares: middlewares middlewares: middlewares
) )

6
lib/onebox/helpers.rb
View File

@ -63,8 +63,7 @@ module Onebox
end end
result = StringIO.new result = StringIO.new
Net::HTTP.start(uri.host, uri.port, use_ssl: uri.normalized_scheme == 'https') do |http| Net::HTTP.start(uri.host, uri.port, open_timeout: Onebox.options.connect_timeout, use_ssl: uri.normalized_scheme == 'https') do |http|
http.open_timeout = Onebox.options.connect_timeout
http.read_timeout = Onebox.options.timeout http.read_timeout = Onebox.options.timeout
http.verify_mode = OpenSSL::SSL::VERIFY_NONE # Work around path building bugs http.verify_mode = OpenSSL::SSL::VERIFY_NONE # Work around path building bugs
@ -118,8 +117,7 @@ module Onebox
def self.fetch_content_length(location) def self.fetch_content_length(location)
uri = URI(location) uri = URI(location)
Net::HTTP.start(uri.host, uri.port, use_ssl: uri.is_a?(URI::HTTPS)) do |http| Net::HTTP.start(uri.host, uri.port, open_timeout: Onebox.options.connect_timeout, use_ssl: uri.is_a?(URI::HTTPS)) do |http|
http.open_timeout = Onebox.options.connect_timeout
http.read_timeout = Onebox.options.timeout http.read_timeout = Onebox.options.timeout
if uri.is_a?(URI::HTTPS) if uri.is_a?(URI::HTTPS)
http.use_ssl = true http.use_ssl = true

3
lib/oneboxer.rb
View File

@ -407,7 +407,8 @@ module Oneboxer
ignore_hostnames: blocked_domains, ignore_hostnames: blocked_domains,
force_get_hosts: force_get_hosts, force_get_hosts: force_get_hosts,
force_custom_user_agent_hosts: force_custom_user_agent_hosts, force_custom_user_agent_hosts: force_custom_user_agent_hosts,
preserve_fragment_url_hosts: preserve_fragment_url_hosts preserve_fragment_url_hosts: preserve_fragment_url_hosts,
timeout: 5
} }
if strategy && Oneboxer.strategies[strategy][:force_get_host] if strategy && Oneboxer.strategies[strategy][:force_get_host]