python-bottle/CVE-2022-31799.patch

From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <marc@gsites.de>
Date: Thu, 26 May 2022 14:49:32 +0200
Subject: [PATCH] Gracefully handle errors during early request binding.

---
 bottle.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/bottle.py b/bottle.py
index 04ccf7da..035f99ec 100644
--- a/bottle.py
+++ b/bottle.py
@@ -848,17 +848,19 @@ def default_error_handler(self, res):
         return tob(template(ERROR_PAGE_TEMPLATE, e=res))
 
     def _handle(self, environ):
-        path = environ['bottle.raw_path'] = environ['PATH_INFO']
-        if py3k:
-            try:
-                environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
-            except UnicodeError:
-                return HTTPError(400, 'Invalid path string. Expected UTF-8')
-
         try:
+
             environ['bottle.app'] = self
             request.bind(environ)
             response.bind()
+
+            path = environ['bottle.raw_path'] = environ['PATH_INFO']
+            if py3k:
+                try:
+                    environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+                except UnicodeError:
+                    return HTTPError(400, 'Invalid path string. Expected UTF-8')
+
             try:
                 self.trigger_hook('before_request')
                 route, args = self.router.match(environ)
Fix CVE-2022-31799 2022-06-14 09:58:14 +08:00			`From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001`
			`From: Marcel Hellkamp <marc@gsites.de>`
			`Date: Thu, 26 May 2022 14:49:32 +0200`
			`Subject: [PATCH] Gracefully handle errors during early request binding.`

			`---`
			`bottle.py \| 16 +++++++++-------`
			`1 file changed, 9 insertions(+), 7 deletions(-)`

			`diff --git a/bottle.py b/bottle.py`
			`index 04ccf7da..035f99ec 100644`
			`--- a/bottle.py`
			`+++ b/bottle.py`
			`@@ -848,17 +848,19 @@ def default_error_handler(self, res):`
			`return tob(template(ERROR_PAGE_TEMPLATE, e=res))`

			`def _handle(self, environ):`
			`- path = environ['bottle.raw_path'] = environ['PATH_INFO']`
			`- if py3k:`
			`- try:`
			`- environ['PATH_INFO'] = path.encode('latin1').decode('utf8')`
			`- except UnicodeError:`
			`- return HTTPError(400, 'Invalid path string. Expected UTF-8')`
			`-`
			`try:`
			`+`
			`environ['bottle.app'] = self`
			`request.bind(environ)`
			`response.bind()`
			`+`
			`+ path = environ['bottle.raw_path'] = environ['PATH_INFO']`
			`+ if py3k:`
			`+ try:`
			`+ environ['PATH_INFO'] = path.encode('latin1').decode('utf8')`
			`+ except UnicodeError:`
			`+ return HTTPError(400, 'Invalid path string. Expected UTF-8')`
			`+`
			`try:`
			`self.trigger_hook('before_request')`
			`route, args = self.router.match(environ)`