Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rack::Request#host returns unexpected host when the domain starts with a number #1590

Closed
pocke opened this issue Feb 10, 2020 · 4 comments · Fixed by lucasgallen/patchwork#12, T-o-s-s-h-y/Learning#110, Madek/madek-graphql-api#39, imoisharma/EKs-Infrastructure-Work#1 or amrith92/Brain-Hunt#3
Closed

Rack::Request#host returns unexpected host when the domain starts with a number #1590

pocke opened this issue Feb 10, 2020 · 4 comments · Fixed by lucasgallen/patchwork#12, T-o-s-s-h-y/Learning#110, Madek/madek-graphql-api#39, imoisharma/EKs-Infrastructure-Work#1 or amrith92/Brain-Hunt#3

Comments

@pocke
Copy link

pocke commented Feb 10, 2020

Problem

Rack::Request#host returns unexpected host when the domain starts with a number.

Rack v2.1.2 returns host correctly.

gem 'rack', '2.1.2'
require 'rack'

p Rack::Request.new({'HTTP_HOST' => '123foo.example.com'}).host
# => "123foo.example.com"

But Rack v2.2.0 (and v2.2.1) returns a part of the host unexpectedly.

gem 'rack', '2.2.0'
require 'rack'


p Rack::Request.new({'HTTP_HOST' => '123foo.example.com'}).host
# => "123"

I guess the cause is the following pull request. #1561

rack/lib/rack/request.rb

Lines 601 to 615 in 838ce3a

AUTHORITY = /
# The host:
(?<host>
# An IPv6 address:
(\[(?<ip6>.*)\])
|
# An IPv4 address:
(?<ip4>[\d\.]+)
|
# A hostname:
(?<name>[a-zA-Z0-9\.\-]+)
)
# The optional port:
(:(?<port>\d+))?
/x

The AUTHORITY regexp looks too loose. 123 matches as an ip4, but it is not an ip4.
@ioquatix
Copy link
Member

Yes, that's correct, I guess we need to force it to match the full string. Thanks for the report.

@ioquatix
Copy link
Member

I thought it would be greedy by default but it wasn't.

Changing AUTHORITY to:

AUTHORITY = /^
	# The host:
	(?<host>
		# An IPv6 address:
		(\[(?<ip6>.*)\])
		|
		# An IPv4 address:
		(?<ip4>[\d\.]+)
		|
		# A hostname:
		(?<name>[a-zA-Z0-9\.\-]+)
	)
	# The optional port:
	(:(?<port>\d+))?
$/x

fixes the issue for me.

ioquatix added a commit that referenced this issue Feb 10, 2020
@ioquatix
Ensure full match. Fixes #1590.
15514e8
@pocke
Copy link
Author

pocke commented Feb 10, 2020

Thank you for quick fixing!

ioquatix added a commit that referenced this issue Feb 10, 2020
@ioquatix
Ensure full match. Fixes #1590.
a9b223b
@ioquatix
Copy link
Member

Released now in v2.2.2 - thanks for reporting the issue with an easy repro!

@pvande pvande mentioned this issue Feb 15, 2020
Closed
This was referenced Mar 7, 2021
Open
Closed
Closed
Merged
Open
Closed
Closed
Closed
Open
Open
Closed
Open
Merged
Open
Closed
Closed
This was referenced Mar 14, 2021
Closed
Open
Closed
Open
Open
Merged
This was referenced Mar 15, 2021
Open
Open
Open
Open
Merged
Open
Closed
Open
Merged
Closed
Open
Open
Open
Open
Open
Merged
Open
Closed
Closed
Closed
Merged
Closed
Merged
Open
Open
Open
@sync-by-unito sync-by-unito bot mentioned this issue Apr 9, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@ioquatix @pocke