packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!218 [sync] PR-217: fix CVE-2024-47220

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @shinwell_hu 
Signed-off-by: @shinwell_hu
This commit is contained in:
openeuler-ci-bot 2024-10-08 10:31:48 +00:00 committed by Gitee
commit 2c685aa253
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
backport-CVE-2024-47220.patch Normal file
View File

@ -0,0 +1,62 @@
From f5faca9222541591e1a7c3c97552ebb0c92733c7 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Wed, 18 Sep 2024 14:11:49 -0700
Subject: [PATCH] Prevent request smuggling
If a request has both a content-length and transfer-encoding
headers, return a 400 response. This is allowed by RFC 7230
section 3.3.3.3.
Fixes #145
---
tool/lib/webrick/httprequest.rb | 4 ++++
tool/test/webrick/test_httprequest.rb | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/tool/lib/webrick/httprequest.rb b/tool/lib/webrick/httprequest.rb
index 5cf5844..820acb2 100644
--- a/tool/lib/webrick/httprequest.rb
+++ b/tool/lib/webrick/httprequest.rb
@@ -474,6 +474,10 @@ module WEBrick
def read_body(socket, block)
return unless socket
if tc = self['transfer-encoding']
+ if self['content-length']
+ raise HTTPStatus::BadRequest, "request with both transfer-encoding and content-length, possible request smuggling"
+ end
+
case tc
when /\Achunked\z/io then read_chunked(socket, block)
else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
diff --git a/tool/test/webrick/test_httprequest.rb b/tool/test/webrick/test_httprequest.rb
index 855ff9d..cce9b91 100644
--- a/tool/test/webrick/test_httprequest.rb
+++ b/tool/test/webrick/test_httprequest.rb
@@ -81,6 +81,24 @@ GET /
}
end
+ def test_content_length_and_transfer_encoding_headers_smuggling
+ msg = <<~HTTP.gsub("\n", "\r\n")
+ POST /user HTTP/1.1
+ Content-Length: 28
+ Transfer-Encoding: chunked
+
+ 0
+
+ GET /admin HTTP/1.1
+
+ HTTP
+ req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
+ req.parse(StringIO.new(msg))
+ assert_raise(WEBrick::HTTPStatus::BadRequest){
+ req.body
+ }
+ end
+
def test_parse_headers
msg = <<-_end_of_message_
GET /path HTTP/1.1
--
2.27.0

6
ruby.spec
View File

@ -33,7 +33,7 @@
Name: ruby
Version: %{ruby_version}
Release: 145
Release: 146
Summary: Object-oriented scripting language interpreter
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
URL: https://www.ruby-lang.org/en/
@ -101,6 +101,7 @@ Patch6024: upgrade-lib-rexml-to-3.3.1.patch
Patch6025: backport-CVE-2024-41946.patch
Patch6026: backport-CVE-2024-39908-CVE-2024-41123-upgrade-lib-rexml-to-3.3.3.patch
Patch6027: backport-CVE-2024-43398-upgrade-lib-rexml-to-3.3.6.patch
Patch6028: backport-CVE-2024-47220.patch
Provides: %{name}-libs = %{version}-%{release}
Obsoletes: %{name}-libs < %{version}-%{release}
@ -886,6 +887,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%{gem_dir}/specifications/matrix-%{matrix_version}.gemspec
%changelog
* Tue Oct 08 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-146
- fix CVE-2024-47220
* Thu Aug 29 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-145
- upgrade rexml to fix CVE-2024-39908 CVE-2024-41123 CVE-2024-43398