python3-twisted: patch CVE-2022-24801

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24801 Pick the commits from the pull request that is referenced by the NVD report. (The full set is consisting of 13 patches, but the ones that only updated news/readme/typo fixes in comments were not backported) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-23 08:49:55 +00:00 · 2026-01-14 08:34:35 +01:00
parent d29ee9b387
commit 12d4f40a4a
10 changed files with 618 additions and 3 deletions
@@ -0,0 +1,27 @@
+From a2fd35cf03bd3a847fd47a6f1a812e359c2dafda Mon Sep 17 00:00:00 2001
+From: Tom Most <twm@freecog.net>
+Date: Sun, 13 Mar 2022 23:57:23 -0700
+Subject: [PATCH] Remove unreachable branch
+
+Upstream-Status: Backport [https://github.com/twisted/twisted/commit/696bfeaf5a1fa7ff952f860c89e2bdcfacef7d7a]
+CVE: CVE-2022-24801
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/twisted/web/http.py | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
+index 940ff9f..ea77f57 100644
+--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
+@@ -1915,9 +1915,7 @@ class _ChunkedTransferDecoder:
+         except ValueError:
+             raise _MalformedChunkedDataError("Chunk-size must be an integer.")
+ 
+-        if length < 0:
+-            raise _MalformedChunkedDataError("Chunk-size must not be negative.")
+-        elif length == 0:
+        if length == 0:
+             self.state = "TRAILER"
+         else:
+             self.state = "BODY"