mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-01-12 15:31:45 +00:00
5c4b61d38a
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. References: https://nvd.nist.gov/vuln/detail/CVE-2024-41671 https://ubuntu.com/security/CVE-2024-41671 Upstream patches:f1cb4e616eef2c755e9eSigned-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
34 lines
1.0 KiB
Diff
34 lines
1.0 KiB
Diff
From f1cb4e616e9f23b4dd044a6db44365060950c64f Mon Sep 17 00:00:00 2001
|
|
From: Tom Most <twm@freecog.net>
|
|
Date: Mon, 22 Jul 2024 22:21:10 -0700
|
|
Subject: [PATCH] Use chunking in the pipelining tests
|
|
|
|
CVE: CVE-2024-41671
|
|
|
|
Upstream-Status: Backport [https://github.com/twisted/twisted/commit/f1cb4e616e9f23b4dd044a6db44365060950c64f]
|
|
|
|
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
|
|
---
|
|
src/twisted/web/test/test_http.py | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
|
|
index 7ffea4e..5d88ff1 100644
|
|
--- a/src/twisted/web/test/test_http.py
|
|
+++ b/src/twisted/web/test/test_http.py
|
|
@@ -575,9 +575,11 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
|
|
b"Content-Length: 10\r\n"
|
|
b"\r\n"
|
|
b"0123456789POST / HTTP/1.1\r\n"
|
|
- b"Content-Length: 10\r\n"
|
|
+ b"Transfer-Encoding: chunked\r\n"
|
|
b"\r\n"
|
|
+ b"a\r\n"
|
|
b"0123456789"
|
|
+ b"0\r\n"
|
|
)
|
|
|
|
expectedResponses = [
|
|
--
|
|
2.40.0
|