From 72ecb3f4e05b2fc0a5073d23fd178686818eb958 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <tenderlove@ruby-lang.org>
Date: Tue, 13 Feb 2024 13:34:34 -0800
Subject: [PATCH] Return an empty array when ranges are too large
If the sum of the requested ranges is larger than the file itself,
return an empty array. In other words, refuse to respond with any bytes.
[CVE-2024-26141]
---
lib/rack/utils.rb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index ca6182c..199312f 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -379,6 +379,9 @@ module Rack
end
ranges << (r0..r1) if r0 <= r1
end
+
+ return [] if ranges.map(&:size).sum > size
+
ranges
end
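Review bot: The guard `return [] if ranges.map(&:size).sum > size` uses a strict comparison, so a set of ranges whose sizes add up to exactly `size` is still served, and the diffstat shows no test pinning that boundary; add cases for a total equal to `size` and for one byte over. Because the sizes are summed rather than merged, overlapping ranges are counted twice, which fits the commit message but should be stated in the method's doc comment together with what the empty array means to callers. The check also runs only after every range has been appended to `ranges`, so it caps the bytes returned, not the parsing work. Minor style point: `ranges.sum(&:size)` avoids the intermediate array.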
--
2.43.0