Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
python-aiohttp.19333
CVE-2021-21330.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-21330.patch of Package python-aiohttp.19333
diff -Nru aiohttp-3.4.4.orig/aiohttp/http_parser.py aiohttp-3.4.4/aiohttp/http_parser.py --- aiohttp-3.4.4.orig/aiohttp/http_parser.py 2018-09-05 09:40:54.000000000 +0200 +++ aiohttp-3.4.4/aiohttp/http_parser.py 2021-04-22 10:52:04.712257494 +0200 @@ -370,6 +370,9 @@ raise LineTooLong( 'Status line is too long', self.max_line_size, len(path)) + path_part, _hash_separator, url_fragment = path.partition("#") + path_part, _question_mark_separator, qs_part = path_part.partition("?") + # method method = method.upper() if not METHRE.match(method): @@ -396,8 +399,26 @@ close = False return RawRequestMessage( - method, path, version, headers, raw_headers, - close, compression, upgrade, chunked, URL(path)) + method, + path, + version, + headers, + raw_headers, + close, + compression, + upgrade, + chunked, + # NOTE: `yarl.URL.build()` is used to mimic what the Cython-based + # NOTE: parser does, otherwise it results into the same + # NOTE: HTTP Request-Line input producing different + # NOTE: `yarl.URL()` objects + URL.build( + path=path_part, + query_string=qs_part, + fragment=url_fragment, + encoded=True, + ), + ) class HttpResponseParser(HttpParser): diff -Nru aiohttp-3.4.4.orig/tests/test_http_parser.py aiohttp-3.4.4/tests/test_http_parser.py --- aiohttp-3.4.4.orig/tests/test_http_parser.py 2018-09-05 09:40:55.000000000 +0200 +++ aiohttp-3.4.4/tests/test_http_parser.py 2021-04-22 10:52:46.953355109 +0200 @@ -531,6 +531,7 @@ assert msg.method == 'GET' assert msg.path == '//path' + assert msg.url.path == "//path" assert msg.version == (1, 1) assert not msg.should_close assert msg.compression is None
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor