Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rack::Request#host returns unexpected host when the domain starts with a number #1590

Closed
pocke opened this issue Feb 10, 2020 · 4 comments
Closed

Comments

@pocke
Copy link

@pocke pocke commented Feb 10, 2020

Problem

Rack::Request#host returns unexpected host when the domain starts with a number.

Rack v2.1.2 returns host correctly.

gem 'rack', '2.1.2'
require 'rack'

p Rack::Request.new({'HTTP_HOST' => '123foo.example.com'}).host
# => "123foo.example.com"

But Rack v2.2.0 (and v2.2.1) returns a part of the host unexpectedly.

gem 'rack', '2.2.0'
require 'rack'


p Rack::Request.new({'HTTP_HOST' => '123foo.example.com'}).host
# => "123"

I guess the cause is the following pull request. #1561

rack/lib/rack/request.rb

Lines 601 to 615 in 838ce3a

AUTHORITY = /
# The host:
(?<host>
# An IPv6 address:
(\[(?<ip6>.*)\])
|
# An IPv4 address:
(?<ip4>[\d\.]+)
|
# A hostname:
(?<name>[a-zA-Z0-9\.\-]+)
)
# The optional port:
(:(?<port>\d+))?
/x

The AUTHORITY regexp looks too loose. 123 matches as an ip4, but it is not an ip4.

@ioquatix
Copy link
Member

@ioquatix ioquatix commented Feb 10, 2020

Yes, that's correct, I guess we need to force it to match the full string. Thanks for the report.

@ioquatix
Copy link
Member

@ioquatix ioquatix commented Feb 10, 2020

I thought it would be greedy by default but it wasn't.

Changing AUTHORITY to:

AUTHORITY = /^
	# The host:
	(?<host>
		# An IPv6 address:
		(\[(?<ip6>.*)\])
		|
		# An IPv4 address:
		(?<ip4>[\d\.]+)
		|
		# A hostname:
		(?<name>[a-zA-Z0-9\.\-]+)
	)
	# The optional port:
	(:(?<port>\d+))?
$/x

fixes the issue for me.

ioquatix added a commit that referenced this issue Feb 10, 2020
@ioquatix ioquatix closed this in 784dcd2 Feb 10, 2020
@pocke
Copy link
Author

@pocke pocke commented Feb 10, 2020

Thank you for quick fixing!

ioquatix added a commit that referenced this issue Feb 10, 2020
@ioquatix
Copy link
Member

@ioquatix ioquatix commented Feb 10, 2020

Released now in v2.2.2 - thanks for reporting the issue with an easy repro!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.