| author | Narpat Mali <narpat.mali@windriver.com> | 2023-06-29 16:36:08 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-07-02 11:19:31 -0400 |
| commit | d8acec2e848b2146e43df1c11d0bdbb118eba9d9 (patch) | |
| tree | 5e6143648948600c7ef096ce0fe212559b93be04 /meta-python | |
| parent | 297bc1cc64b13794468eceec3f6a934a6716e59b (diff) | |
| download | meta-openembedded-d8acec2e848b2146e43df1c11d0bdbb118eba9d9.tar.gz | |
python3-werkzeug: fix for patch-fuzz
Modified CVE-2023-23934.patch so that it applies cleanly and no longer triggers the patch-fuzz warning.
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch index 0be97d2888..3a0f4324a1 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch +++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From b070a40ebbd89d88f4d8144a6ece017d33604d00 Mon Sep 17 00:00:00 2001 | 1 | From db1457abec7fe27148673f5f8bfdf5c52eb7f29f Mon Sep 17 00:00:00 2001 |
| 2 | From: David Lord <davidism@gmail.com> | 2 | From: David Lord <davidism@gmail.com> |
| 3 | Date: Wed, 10 May 2023 11:33:18 +0000 | 3 | Date: Wed, 10 May 2023 11:33:18 +0000 |
| 4 | Subject: [PATCH] Merge pull request from GHSA-px8h-6qxv-m22q | 4 | Subject: [PATCH] Merge pull request from GHSA-px8h-6qxv-m22q |
| @@ -17,26 +17,26 @@ Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/cf275f42ac | |||
| 17 | 17 | ||
| 18 | Signed-off-by: Narpat Mali <narpat.mali@windriver.com> | 18 | Signed-off-by: Narpat Mali <narpat.mali@windriver.com> |
| 19 | --- | 19 | --- |
| 20 | CHANGES.rst | 4 ++++ | 20 | CHANGES.rst | 3 +++ |
| 21 | src/werkzeug/_internal.py | 13 +++++++++---- | 21 | src/werkzeug/_internal.py | 13 +++++++++---- |
| 22 | src/werkzeug/http.py | 4 ---- | 22 | src/werkzeug/http.py | 4 ---- |
| 23 | tests/test_http.py | 4 +++- | 23 | tests/test_http.py | 4 +++- |
| 24 | 4 files changed, 16 insertions(+), 9 deletions(-) | 24 | 4 files changed, 15 insertions(+), 9 deletions(-) |
| 25 | 25 | ||
| 26 | diff --git a/CHANGES.rst b/CHANGES.rst | 26 | diff --git a/CHANGES.rst b/CHANGES.rst |
| 27 | index a351d7c..23505d3 100644 | 27 | index 6e809ba..13ef75b 100644 |
| 28 | --- a/CHANGES.rst | 28 | --- a/CHANGES.rst |
| 29 | +++ b/CHANGES.rst | 29 | +++ b/CHANGES.rst |
| 30 | @@ -1,5 +1,9 @@ | 30 | @@ -4,6 +4,9 @@ |
| 31 | .. currentmodule:: werkzeug | 31 | ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS |
| 32 | 32 | attack where a larger number of form/file parts would result in disproportionate | |
| 33 | resource use. | ||
| 33 | +- A cookie header that starts with ``=`` is treated as an empty key and discarded, | 34 | +- A cookie header that starts with ``=`` is treated as an empty key and discarded, |
| 34 | + rather than stripping the leading ``==``. | 35 | + rather than stripping the leading ``==``. |
| 35 | + | 36 | + |
| 36 | + | 37 | |
| 37 | Version 2.1.1 | 38 | Version 2.1.1 |
| 38 | ------------- | 39 | ------------- |
| 39 | |||
| 40 | diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py | 40 | diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py |
| 41 | index a8b3523..d6290ba 100644 | 41 | index a8b3523..d6290ba 100644 |
| 42 | --- a/src/werkzeug/_internal.py | 42 | --- a/src/werkzeug/_internal.py |
| @@ -55,14 +55,14 @@ index a8b3523..d6290ba 100644 | |||
| 55 | i = 0 | 55 | i = 0 |
| 56 | n = len(b) | 56 | n = len(b) |
| 57 | + b += b";" | 57 | + b += b";" |
| 58 | 58 | ||
| 59 | while i < n: | 59 | while i < n: |
| 60 | - match = _cookie_re.search(b + b";", i) | 60 | - match = _cookie_re.search(b + b";", i) |
| 61 | + match = _cookie_re.match(b, i) | 61 | + match = _cookie_re.match(b, i) |
| 62 | + | 62 | + |
| 63 | if not match: | 63 | if not match: |
| 64 | break | 64 | break |
| 65 | 65 | ||
| 66 | - key = match.group("key").strip() | 66 | - key = match.group("key").strip() |
| 67 | - value = match.group("val") or b"" | 67 | - value = match.group("val") or b"" |
| 68 | i = match.end(0) | 68 | i = match.end(0) |
| @@ -70,11 +70,11 @@ index a8b3523..d6290ba 100644 | |||
| 70 | + | 70 | + |
| 71 | + if not key: | 71 | + if not key: |
| 72 | + continue | 72 | + continue |
| 73 | 73 | ||
| 74 | + value = match.group("val") or b"" | 74 | + value = match.group("val") or b"" |
| 75 | yield key, _cookie_unquote(value) | 75 | yield key, _cookie_unquote(value) |
| 76 | 76 | ||
| 77 | 77 | ||
| 78 | diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py | 78 | diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py |
| 79 | index 9369900..ae133e3 100644 | 79 | index 9369900..ae133e3 100644 |
| 80 | --- a/src/werkzeug/http.py | 80 | --- a/src/werkzeug/http.py |
| @@ -89,7 +89,7 @@ index 9369900..ae133e3 100644 | |||
| 89 | - | 89 | - |
| 90 | val_str = _to_str(val, charset, errors, allow_none_charset=True) | 90 | val_str = _to_str(val, charset, errors, allow_none_charset=True) |
| 91 | yield key_str, val_str | 91 | yield key_str, val_str |
| 92 | 92 | ||
| 93 | diff --git a/tests/test_http.py b/tests/test_http.py | 93 | diff --git a/tests/test_http.py b/tests/test_http.py |
| 94 | index 5936bfa..59cc179 100644 | 94 | index 5936bfa..59cc179 100644 |
| 95 | --- a/tests/test_http.py | 95 | --- a/tests/test_http.py |
| @@ -110,7 +110,8 @@ index 5936bfa..59cc179 100644 | |||
| 110 | '"__Secure-c"': "d", | 110 | '"__Secure-c"': "d", |
| 111 | + "__Host-eq": "good", | 111 | + "__Host-eq": "good", |
| 112 | } | 112 | } |
| 113 | 113 | ||
| 114 | def test_dump_cookie(self): | 114 | def test_dump_cookie(self): |
| 115 | -- | 115 | -- |
| 116 | 2.40.0 | 116 | 2.40.0 |
| 117 | |||
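Review bot: The refreshed CHANGES.rst hunk in the new patch (header `@@ -4,6 +4,9 @@`) takes its context from the ``RequestEntityTooLarge`` form/file-parts changelog entry, so this patch now only applies if whichever patch introduces that entry is applied before it; the old context (`@@ -1,5 +1,9 @@` anchored on `.. currentmodule:: werkzeug`) had no such ordering dependency. The recipe's SRC_URI order is outside this diff, so it is worth confirming the ordering there and recording it in the commit message, e.g. `Context refreshed against the preceding backport so the CHANGES.rst hunk applies without fuzz; this patch must follow it in SRC_URI.` The `From` line hash also changes (b070a40e… to db1457ab…); as the Upstream-Status line still carries the upstream commit reference, that is presumably just the regenerated local commit id and needs no further action.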
