python-aiohttp/CVE-2023-49082.patch
starlet-dx 9d926e8cf7 Fix CVE-2023-47627,CVE-2023-49082,CVE-2024-23334,CVE-2024-23829,CVE-2024-27306 and CVE-2024-30251
(cherry picked from commit dabdc40effcfef17ad7e2a967edf709e75859b23)
2025-03-06 10:11:34 +08:00


From: Ben Kallus <49924171+kenballus@users.noreply.github.com>
Date: Wed, 18 Oct 2023 12:18:35 -0400
Subject: Backport 493f06797654c383242f0e8007f6e06b818a1fbc to 3.9 (#7730)
---
aiohttp/http_parser.py | 6 ++++--
tests/test_http_parser.py | 9 ++++++++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py
index 3862bbe..8e5e816 100644
--- a/aiohttp/http_parser.py
+++ b/aiohttp/http_parser.py
@@ -55,7 +55,9 @@ ASCIISET = set(string.printable)
# token = 1*tchar
METHRE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
VERSRE: Final[Pattern[str]] = re.compile(r"HTTP/(\d).(\d)")
-HDRRE: Final[Pattern[bytes]] = re.compile(rb"[\x00-\x1F\x7F()<>@,;:\[\]={} \t\"\\]")
+HDRRE: Final[Pattern[bytes]] = re.compile(
+ rb"[\x00-\x1F\x7F-\xFF()<>@,;:\[\]={} \t\"\\]"
+)
RawRequestMessage = collections.namedtuple(
"RawRequestMessage",
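Review bot: The widened character class on the `+` lines carries no comment saying why 0x7F–0xFF is now rejected, which anyone later tightening or relaxing `HDRRE` will need; I would add above it `# Field names are 1*tchar (RFC 9110 §5.6.2), which is ASCII-only: reject CTLs, DEL and every octet >= 0x80 as well as the separators.` Whether `HDRRE` is also run against field values is outside the hunk; if it is, obs-text (0x80–0xFF) is permitted in field values by RFC 9110 §5.5, so the comment should record that the pattern is meant for names only. The new parametrized case `"\xffoo: bar"` in tests/test_http_parser.py pins only the 0xFF end of the new range; a mid-range octet would cover the whole of it.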
@@ -523,7 +525,7 @@ class HttpRequestParser(HttpParser):
# request line
line = lines[0].decode("utf-8", "surrogateescape")
try:
- method, path, version = line.split(maxsplit=2)
+ method, path, version = line.split(" ", maxsplit=2)
except ValueError:
raise BadStatusLine(line) from None
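Review bot: The switch to `line.split(" ", maxsplit=2)` has no comment recording why the explicit separator matters, and the reason is not visible from the line itself: `str.split()` with no separator also splits on `\n`, `\f`, `\v` and runs of whitespace, so a request line such as `GET\n/path\fHTTP/1.1` (the new test case) was tokenised into three fields instead of being rejected. I would add above the `try`: `# Split on a single SP only (RFC 9112 §3): str.split() with no separator also splits on \n, \f and \v, letting a smuggled line be parsed as a request line.` With a literal separator, consecutive spaces now yield an empty field (`GET  /path HTTP/1.1` gives path `""` and version `/path HTTP/1.1`), so rejection of that input depends on the METHRE/VERSRE checks that follow outside the hunk and deserves a test next to test_http_request_bad_status_line_whitespace. Relatedly, `VERSRE` on the first hunk's context line is `HTTP/(\d).(\d)` with an unescaped `.`, so a version such as `HTTP/1x1` satisfies it wherever it is matched; `HTTP/(\d)\.(\d)` would be a separate follow-up. The enclosing parse method starts before the hunk and continues after it.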
diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py
index d584f15..9d65b2f 100644
--- a/tests/test_http_parser.py
+++ b/tests/test_http_parser.py
@@ -397,6 +397,7 @@ def test_cve_2023_37276(parser: Any) -> None:
"Baz: abc\x00def",
"Foo : bar", # https://www.rfc-editor.org/rfc/rfc9112.html#section-5.1-2
"Foo\t: bar",
+ "\xffoo: bar",
),
)
def test_bad_headers(parser: Any, hdr: str) -> None:
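Review bot: The new `"\xffoo: bar"` parameter is the only entry in this list without a comment saying what it exercises, while the neighbouring `"Foo : bar"` cites its RFC section; I would write it as `"\xffoo: bar",  # non-ASCII octet in a field name: tchar is ASCII-only (RFC 9110 §5.6.2)`. It covers only the 0xFF bound of the 0x7F–0xFF range newly rejected by HDRRE in aiohttp/http_parser.py; a second case with a mid-range octet such as `"F\x80oo: bar"` would pin the whole range rather than its upper edge. How the str parameter is encoded to bytes before it reaches the parser is outside the hunk, so which octets the parser actually sees for `\xff` is not verifiable here.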
@@ -562,7 +563,13 @@ def test_http_request_bad_status_line(parser) -> None:
parser.feed_data(text)
-def test_http_request_upgrade(parser) -> None:
+def test_http_request_bad_status_line_whitespace(parser: Any) -> None:
+ text = b"GET\n/path\fHTTP/1.1\r\n\r\n"
+ with pytest.raises(http_exceptions.BadStatusLine):
+ parser.feed_data(text)
+
+
+def test_http_request_upgrade(parser: Any) -> None:
text = (
b"GET /test HTTP/1.1\r\n"
b"connection: upgrade\r\n"