rubygem-webrick/backport-fix-CVE-2024-47220.patch

From f5faca9222541591e1a7c3c97552ebb0c92733c7 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Wed, 18 Sep 2024 14:11:49 -0700
Subject: [PATCH] Prevent request smuggling

If a request has both a content-length and transfer-encoding
headers, return a 400 response.  This is allowed by RFC 7230
section 3.3.3.3.

Fixes #145
---
 lib/webrick/httprequest.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
index d34eac7..15f95a0 100644
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@@ -507,6 +507,10 @@ module WEBrick
     def read_body(socket, block)
       return unless socket
       if tc = self['transfer-encoding']
+        if self['content-length']   
+          raise HTTPStatus::BadRequest, "request with both transfer-encoding and content-length, possible request smuggling"
+        end
+
         case tc
         when /\Achunked\z/io then read_chunked(socket, block)
         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
-- 
2.46.0
Fix CVE-2024-47220 (cherry picked from commit f3af4d9caf00d2e918aea13e9dc0bdeae17b02a4) 2024-09-29 15:40:56 +08:00			`From f5faca9222541591e1a7c3c97552ebb0c92733c7 Mon Sep 17 00:00:00 2001`
			`From: Jeremy Evans <code@jeremyevans.net>`
			`Date: Wed, 18 Sep 2024 14:11:49 -0700`
			`Subject: [PATCH] Prevent request smuggling`

			`If a request has both a content-length and transfer-encoding`
			`headers, return a 400 response. This is allowed by RFC 7230`
			`section 3.3.3.3.`

			`Fixes #145`
			`---`
			`lib/webrick/httprequest.rb \| 4 ++++`
			`1 file changed, 4 insertions(+)`

			`diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb`
			`index d34eac7..15f95a0 100644`
			`--- a/lib/webrick/httprequest.rb`
			`+++ b/lib/webrick/httprequest.rb`
			`@@ -507,6 +507,10 @@ module WEBrick`
			`def read_body(socket, block)`
			`return unless socket`
			`if tc = self['transfer-encoding']`
			`+ if self['content-length']`
			`+ raise HTTPStatus::BadRequest, "request with both transfer-encoding and content-length, possible request smuggling"`
			`+ end`
			`+`
			`case tc`
			`when /\Achunked\z/io then read_chunked(socket, block)`
			`else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."`
			`--`
			`2.46.0`