File CVE-2022-31081.patch of Package perl-HTTP-Daemon.25026

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-31081.patch of Package perl-HTTP-Daemon.25026

From e84475de51d6fd7b29354a997413472a99db70b2 Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel@perceptyx.com>
Date: Thu, 16 Jun 2022 08:28:30 +0000
Subject: [PATCH] Fix Content-Length ', '-separated string issues

After a security issue, we ensure we comply to
RFC-7230 -- HTTP/1.1 Message Syntax and Routing
- section 3.3.2 -- Content-Length
- section 3.3.3 -- Message Body Length
---
 lib/HTTP/Daemon.pm |   26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -282,6 +282,32 @@ sub get_request
 
     }
     elsif ($len) {
+        # After a security issue, we ensure we comply to
+        # RFC-7230 -- HTTP/1.1 Message Syntax and Routing
+        # section 3.3.2 -- Content-Length
+        # section 3.3.3 -- Message Body Length
+
+        # split and clean up Content-Length ', ' separated string
+        my @vals = map {my $str = $_; $str =~ s/^\s+//; $str =~ s/\s+$//; $str }
+            split ',', $len;
+        # check that they are all numbers (RFC: Content-Length = 1*DIGIT)
+        my @nums = grep { /^[0-9]+$/} @vals;
+        unless (@vals == @nums) {
+            $self->send_error(400);
+            $self->reason("Content-Length value must be a unsigned integer");
+            return;
+        }
+        # check they are all the same
+        my $len = shift @nums;
+        foreach (@nums) {
+            next if $_ == $len;
+            $self->send_error(400);
+            $self->reason("Content-Length values are not the same");
+            return;
+        }
+        # ensure we have now a fixed header, with only 1 value
+        $r->header('Content-Length' => $len);
+
 	# Plain body specified by "Content-Length"
 	my $missing = $len - length($buf);
 	while ($missing > 0) {

Places

File CVE-2022-31081.patch of Package perl-HTTP-Daemon.25026

Places