Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Step:15
rubygem-rack
rubygem-rack-CVE-2022-30122.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-rack-CVE-2022-30122.patch of Package rubygem-rack
Index: rack-2.0.8/lib/rack/multipart/parser.rb =================================================================== --- rack-2.0.8.orig/lib/rack/multipart/parser.rb +++ rack-2.0.8/lib/rack/multipart/parser.rb @@ -302,8 +302,9 @@ module Rack elsif filename = params['filename*'] encoding, _, filename = filename.split("'", 3) end - when BROKEN_QUOTED, BROKEN_UNQUOTED + when BROKEN filename = $1 + filename = $1 if filename =~ /^"(.*)"$/ end return unless filename Index: rack-2.0.8/lib/rack/multipart.rb =================================================================== --- rack-2.0.8.orig/lib/rack/multipart.rb +++ rack-2.0.8/lib/rack/multipart.rb @@ -14,8 +14,7 @@ module Rack TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/ CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/ - BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i - BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i + BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name=(#{VALUE})/ni MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor