Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
rubygem-puma.35973
CVE-2023-40175.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-40175.patch of Package rubygem-puma.35973
From bcacf82e960c92190ded5d575d715fa937381bf9 Mon Sep 17 00:00:00 2001 From: Nate Berkopec <nate.berkopec@gmail.com> Date: Fri, 18 Aug 2023 09:47:23 +0900 Subject: [PATCH] Merge pull request from GHSA-68xg-gqqm-vgj8 * Reject empty string for Content-Length * Ignore trailers in last chunk * test_puma_server.rb - use heredoc, test_cl_and_te_smuggle * client.rb - stye/RubyCop * test_puma_server.rb - indented heredoc rubocop disable * Dentarg comments * Remove unused variable --------- Co-authored-by: MSP-Greg <Greg.mpls@gmail.com> (cherry picked from commit 7405a219801dcebc0ad6e0aa108d4319ca23f662) Conflicts: test/test_puma_server.rb --- lib/puma/client.rb | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/lib/puma/client.rb b/lib/puma/client.rb index 5c6b676a..cd89e8fe 100644 --- a/lib/puma/client.rb +++ b/lib/puma/client.rb @@ -45,7 +45,8 @@ module Puma # chunked body validation CHUNK_SIZE_INVALID = /[^\h]/.freeze - CHUNK_VALID_ENDING = "\r\n".freeze + CHUNK_VALID_ENDING = Const::LINE_END + CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize # Content-Length header value validation CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze @@ -329,8 +330,8 @@ module Puma cl = @env[CONTENT_LENGTH] if cl - # cannot contain characters that are not \d - if cl =~ CONTENT_LENGTH_VALUE_INVALID + # cannot contain characters that are not \d, or be empty + if cl =~ CONTENT_LENGTH_VALUE_INVALID || cl.empty? raise HttpParserError, "Invalid Content-Length: #{cl.inspect}" end else @@ -481,7 +482,7 @@ module Puma while !io.eof? line = io.gets - if line.end_with?("\r\n") + if line.end_with?(CHUNK_VALID_ENDING) # Puma doesn't process chunk extensions, but should parse if they're # present, which is the reason for the semicolon regex chunk_hex = line.strip[/\A[^;]+/] @@ -493,13 +494,19 @@ module Puma @in_last_chunk = true @body.rewind rest = io.read - last_crlf_size = "\r\n".bytesize - if rest.bytesize < last_crlf_size + if rest.bytesize < CHUNK_VALID_ENDING_SIZE @buffer = nil - @partial_part_left = last_crlf_size - rest.bytesize + @partial_part_left = CHUNK_VALID_ENDING_SIZE - rest.bytesize return false else - @buffer = rest[last_crlf_size..-1] + # if the next character is a CRLF, set buffer to everything after that CRLF + start_of_rest = if rest.start_with?(CHUNK_VALID_ENDING) + CHUNK_VALID_ENDING_SIZE + else # we have started a trailer section, which we do not support. skip it! + rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2 + end + + @buffer = rest[start_of_rest..-1] @buffer = nil if @buffer.empty? set_ready return true -- 2.34.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor