SUSE:SLE-12-SP4:GA
rubygem-rack
rubygem-rack-CVE-2022-30122.patch
File rubygem-rack-CVE-2022-30122.patch of Package rubygem-rack
Index: rack-1.6.13/lib/rack/multipart/parser.rb =================================================================== --- rack-1.6.13.orig/lib/rack/multipart/parser.rb +++ rack-1.6.13/lib/rack/multipart/parser.rb @@ -159,8 +159,9 @@ module Rack when RFC2183 filename = Hash[head.scan(DISPPARM)]['filename'] filename = $1 if filename and filename =~ /^"(.*)"$/ - when BROKEN_QUOTED, BROKEN_UNQUOTED + when BROKEN filename = $1 + filename = $1 if filename =~ /^"(.*)"$/ end return unless filename Index: rack-1.6.13/lib/rack/multipart.rb =================================================================== --- rack-1.6.13.orig/lib/rack/multipart.rb +++ rack-1.6.13/lib/rack/multipart.rb @@ -14,8 +14,8 @@ module Rack CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/ RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i - BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i - BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i + VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/ + BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name="?([^\";]*)"?/ni MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
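Review bot: In the lib/rack/multipart/parser.rb hunk, the unquoting line added under `when BROKEN` (`filename = $1 if filename =~ /^"(.*)"$/`) repeats the one already in the `when RFC2183` branch, so the same regex now lives in two places. It could be applied once after the `case`, below `return unless filename`, which also removes the need for the `filename and` guard. The added line also depends on `$1` being reassigned by the `=~` in its own modifier condition, immediately after `filename = $1` read the capture from the `when BROKEN` match; a one-line comment would make that ordering obvious to the next reader. Since VALUE now admits `\"` inside a quoted value, it is worth confirming that such a filename is unescaped further down, because these lines only strip the outer quotes.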
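Review bot: In the lib/rack/multipart.rb hunk, the new `BROKEN` pattern uses `;\s*filename=` where both removed patterns used `;\sfilename=`, so a header with no whitespace after the semicolon now matches where it did not before. If that widening is intended, it deserves a comment and a test case; if not, keep `\s`. The leading `^#{CONDISP}.*;` is carried over unchanged, and no test accompanies the regex change in this patch, so a regression test with a long Content-Disposition line would document what the fix is meant to guarantee. Two smaller points: `VALUE` duplicates the alternation written inline in `DISPPARM` (`"(?:\\"|[^"])*"|#{TOKEN}`), which could be defined first and interpolated there, and removing `BROKEN_QUOTED` and `BROKEN_UNQUOTED` outright will raise NameError for any code outside this file that references them.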