File CVE-2023-47641.patch of Package python-aiohttp.31991
--- aiohttp/http_parser.py.orig +++ aiohttp/http_parser.py @@ -14,6 +14,7 @@ from . import hdrs from .base_protocol import BaseProtocol from .helpers import NO_EXTENSIONS, BaseTimerContext from .http_exceptions import ( + BadHttpMessage, BadStatusLine, ContentEncodingError, ContentLengthError, @@ -406,8 +407,11 @@ class HttpParser(abc.ABC): # chunking te = headers.get(hdrs.TRANSFER_ENCODING) - if te and 'chunked' in te.lower(): - chunked = True + if te is not None: + if 'chunked' in te.lower(): + chunked = True + if hdrs.CONTENT_LENGTH in headers: + raise BadHttpMessage('unexpected content-length header') return (headers, raw_headers, close_conn, encoding, upgrade, chunked) --- tests/test_http_parser.py.orig +++ tests/test_http_parser.py @@ -268,6 +268,15 @@ def test_request_chunked(parser) -> None assert isinstance(payload, streams.StreamReader) +def test_request_te_chunked_with_content_length(parser) -> None: + text = (b'GET /test HTTP/1.1\r\n' + b'content-length: 1234\r\n' + b'transfer-encoding: chunked123\r\n\r\n' + ) + with pytest.raises(http_exceptions.BadHttpMessage): + parser.feed_data(text) + + def test_conn_upgrade(parser) -> None: text = (b'GET /test HTTP/1.1\r\n' b'connection: upgrade\r\n' --- vendor/http-parser/http_parser.c.orig +++ vendor/http-parser/http_parser.c @@ -1548,6 +1548,10 @@ reexecute: h_state = h_general; } else if (parser->index == sizeof(CHUNKED)-2) { h_state = h_transfer_encoding_chunked; + if (parser->flags & F_CONTENTLENGTH) { + SET_ERRNO(HPE_INVALID_CONTENT_LENGTH); + goto error; + } } break;
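Review bot: The rewritten Transfer-Encoding branch in HttpParser still decides chunking with a substring test, `if 'chunked' in te.lower():`, so a value such as `chunked123` (the one the new test sends) is treated as chunked whenever no Content-Length header accompanies it. A front-end that reads the same header differently would then disagree with aiohttp about where the body ends, which is the class of problem this patch targets. Consider comparing the final comma-separated coding exactly, e.g. `if te.lower().rsplit(',', 1)[-1].strip() == 'chunked':`, and deciding explicitly how any other value is handled. Indentation is lost on this page, so it is assumed the Content-Length check sits under `if te is not None:` rather than under the chunked test; the enclosing method starts and ends outside the hunk.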
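Review bot: The new test_request_te_chunked_with_content_length exercises only the malformed value `chunked123`, so the well-formed combination of `transfer-encoding: chunked` with `content-length` is never asserted to be rejected. Adding that case, for instance via `@pytest.mark.parametrize('te', [b'chunked', b'chunked123'])`, would pin the behaviour the patch is meant to guarantee. A one-line docstring naming CVE-2023-47641 would also tell later readers why the test exists.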
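Review bot: The added `parser->flags & F_CONTENTLENGTH` check runs at the moment the `chunked` token is matched, so it can only catch a Content-Length header that arrived before Transfer-Encoding. Whether the reverse order is rejected depends on code outside this hunk (the enclosing switch case starts and ends beyond it); please confirm that path exists in the vendored parser and add a regression test with the two headers swapped. The check also fires before the header value is complete, which is presumably intentional given the `chunked123` test but deserves a comment such as `/* reject TE: chunked* after Content-Length (CVE-2023-47641) */`. The error code HPE_INVALID_CONTENT_LENGTH describes a malformed length rather than an unexpected header; if the vendored http_parser.h defines HPE_UNEXPECTED_CONTENT_LENGTH, that would match the Python message `unexpected content-length header`.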