python3-twisted: patch CVE-2022-24801

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24801 Pick the commits from the pull request that is referenced by the NVD report. (The full set is consisting of 13 patches, but the ones that only updated news/readme/typo fixes in comments were not backported) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-14 08:34:35 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-20 18:22:07 +0100
commit: 12d4f40a4a5881d2e26741fbed672fd841f557f5 (patch)
tree: 4850ea52e9df531e65cda982ffb562048e518adb /meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch
parent: d29ee9b3878cbaee94b4f3b7db64adca38b67a22 (diff)
download: meta-openembedded-12d4f40a4a5881d2e26741fbed672fd841f557f5.tar.gz
1 files changed, 129 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch
new file mode 100644
index 0000000000..26007d9e04
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch
@@ -0,0 +1,129 @@
+From e33f7fc231845487f969a9c0fbf7956226ac8dfa Mon Sep 17 00:00:00 2001
+From: Tom Most <twm@freecog.net>
+Date: Sun, 13 Mar 2022 23:51:52 -0700
+Subject: [PATCH] Reject malformed chunk sizes
+Upstream-Status: Backport [https://github.com/twisted/twisted/commit/0275152f147506c82868ff1dabd9bf655ab67946]
+CVE: CVE-2022-24801
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/twisted/web/http.py           | 35 +++++++++++++++++++++++----
+ src/twisted/web/test/test_http.py | 40 +++++++++++++++++++++++++++++++
+ 2 files changed, 71 insertions(+), 4 deletions(-)
+diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
+index 5316d81..940ff9f 100644
+--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
+@@ -108,7 +108,7 @@ import tempfile
+ import time
+ import warnings
+ from io import BytesIO
+-from typing import AnyStr, Callable, Optional
+from typing import AnyStr, Callable, Optional, Tuple
+ from urllib.parse import (
+     ParseResultBytes,
+     unquote_to_bytes as unquote,
+@@ -410,7 +410,33 @@ def toChunk(data):
+     return (networkString(f"{len(data):x}"), b"\r\n", data, b"\r\n")
+ 
+ 
+-def fromChunk(data):
+def _ishexdigits(b: bytes) -> bool:
+    """
+    Is the string case-insensitively hexidecimal?
+
+    It must be composed of one or more characters in the ranges a-f, A-F
+    and 0-9.
+    """
+    for c in b:
+        if c not in b'0123456789abcdefABCDEF':
+            return False
+    return bool(b)
+
+
+def _hexint(b: bytes) -> int:
+    """
+    Decode a hexadecimal integer.
+
+    Unlike L{int(b, 16)}, this raises L{ValueError} when the integer has
+    a prefix like C{b'0x'}, C{b'+'}, or C{b'-'}, which is desirable when
+    parsing network protocols.
+    """
+    if not _ishexdigits(b):
+        raise ValueError(b)
+    return int(b, 16)
+
+
+def fromChunk(data: bytes) -> Tuple[bytes, bytes]:
+     """
+     Convert chunk to string.
+ 
+@@ -422,7 +448,7 @@ def fromChunk(data):
+         byte string.
+     """
+     prefix, rest = data.split(b"\r\n", 1)
+-    length = int(prefix, 16)
+    length = _hexint(prefix)
+     if length < 0:
+         raise ValueError("Chunk length must be >= 0, not %d" % (length,))
+     if rest[length : length + 2] != b"\r\n":
+@@ -1883,8 +1909,9 @@ class _ChunkedTransferDecoder:
+         endOfLengthIndex = self._buffer.find(b";", 0, eolIndex)
+         if endOfLengthIndex == -1:
+             endOfLengthIndex = eolIndex
+        rawLength = self._buffer[0:endOfLengthIndex]
+         try:
+-            length = int(self._buffer[0:endOfLengthIndex], 16)
+            length = _hexint(rawLength)
+         except ValueError:
+             raise _MalformedChunkedDataError("Chunk-size must be an integer.")
+ 
+diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
+index e686aeb..201991f 100644
+--- a/src/twisted/web/test/test_http.py
+++ b/src/twisted/web/test/test_http.py
+@@ -4472,3 +4472,43 @@ class HTTPClientSanitizationTests(unittest.SynchronousTestCase):
+                 transport.value().splitlines(),
+                 [b": ".join([sanitizedBytes, sanitizedBytes])],
+             )
+
+
+class HexHelperTests(unittest.SynchronousTestCase):
+    """
+    Test the L{http._hexint} and L{http._ishexdigits} helper functions.
+    """
+
+    badStrings = (b"", b"0x1234", b"feds", b"-123" b"+123")
+
+    def test_isHex(self):
+        """
+        L{_ishexdigits()} returns L{True} for nonempy bytestrings containing
+        hexadecimal digits.
+        """
+        for s in (b"10", b"abcdef", b"AB1234", b"fed", b"123467890"):
+            self.assertIs(True, http._ishexdigits(s))
+
+    def test_decodes(self):
+        """
+        L{_hexint()} returns the integer equivalent of the input.
+        """
+        self.assertEqual(10, http._hexint(b"a"))
+        self.assertEqual(0x10, http._hexint(b"10"))
+        self.assertEqual(0xABCD123, http._hexint(b"abCD123"))
+
+    def test_isNotHex(self):
+        """
+        L{_ishexdigits()} returns L{False} for bytestrings that don't contain
+        hexadecimal digits, including the empty string.
+        """
+        for s in self.badStrings:
+            self.assertIs(False, http._ishexdigits(s))
+
+    def test_decodeNotHex(self):
+        """
+        L{_hexint()} raises L{ValueError} for bytestrings that can't
+        be decoded.
+        """
+        for s in self.badStrings:
+            self.assertRaises(ValueError, http._hexint, s)
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-14 08:34:35 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-20 18:22:07 +0100
commit	12d4f40a4a5881d2e26741fbed672fd841f557f5 (patch)
tree	4850ea52e9df531e65cda982ffb562048e518adb /meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch
parent	d29ee9b3878cbaee94b4f3b7db64adca38b67a22 (diff)
download	meta-openembedded-12d4f40a4a5881d2e26741fbed672fd841f557f5.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch new file mode 100644 index 0000000000..26007d9e04 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-6.patch
@@ -0,0 +1,129 @@
	1	From e33f7fc231845487f969a9c0fbf7956226ac8dfa Mon Sep 17 00:00:00 2001
	2	From: Tom Most <twm@freecog.net>
	3	Date: Sun, 13 Mar 2022 23:51:52 -0700
	4	Subject: [PATCH] Reject malformed chunk sizes
	5
	6	Upstream-Status: Backport [https://github.com/twisted/twisted/commit/0275152f147506c82868ff1dabd9bf655ab67946]
	7	CVE: CVE-2022-24801
	8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	9	---
	10	src/twisted/web/http.py \| 35 +++++++++++++++++++++++----
	11	src/twisted/web/test/test_http.py \| 40 +++++++++++++++++++++++++++++++
	12	2 files changed, 71 insertions(+), 4 deletions(-)
	13
	14	diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
	15	index 5316d81..940ff9f 100644
	16	--- a/src/twisted/web/http.py
	17	+++ b/src/twisted/web/http.py
	18	@@ -108,7 +108,7 @@ import tempfile
	19	import time
	20	import warnings
	21	from io import BytesIO
	22	-from typing import AnyStr, Callable, Optional
	23	+from typing import AnyStr, Callable, Optional, Tuple
	24	from urllib.parse import (
	25	ParseResultBytes,
	26	unquote_to_bytes as unquote,
	27	@@ -410,7 +410,33 @@ def toChunk(data):
	28	return (networkString(f"{len(data):x}"), b"\r\n", data, b"\r\n")
	29
	30
	31	-def fromChunk(data):
	32	+def _ishexdigits(b: bytes) -> bool:
	33	+ """
	34	+ Is the string case-insensitively hexidecimal?
	35	+
	36	+ It must be composed of one or more characters in the ranges a-f, A-F
	37	+ and 0-9.
	38	+ """
	39	+ for c in b:
	40	+ if c not in b'0123456789abcdefABCDEF':
	41	+ return False
	42	+ return bool(b)
	43	+
	44	+
	45	+def _hexint(b: bytes) -> int:
	46	+ """
	47	+ Decode a hexadecimal integer.
	48	+
	49	+ Unlike L{int(b, 16)}, this raises L{ValueError} when the integer has
	50	+ a prefix like C{b'0x'}, C{b'+'}, or C{b'-'}, which is desirable when
	51	+ parsing network protocols.
	52	+ """
	53	+ if not _ishexdigits(b):
	54	+ raise ValueError(b)
	55	+ return int(b, 16)
	56	+
	57	+
	58	+def fromChunk(data: bytes) -> Tuple[bytes, bytes]:
	59	"""
	60	Convert chunk to string.
	61
	62	@@ -422,7 +448,7 @@ def fromChunk(data):
	63	byte string.
	64	"""
	65	prefix, rest = data.split(b"\r\n", 1)
	66	- length = int(prefix, 16)
	67	+ length = _hexint(prefix)
	68	if length < 0:
	69	raise ValueError("Chunk length must be >= 0, not %d" % (length,))
	70	if rest[length : length + 2] != b"\r\n":
	71	@@ -1883,8 +1909,9 @@ class _ChunkedTransferDecoder:
	72	endOfLengthIndex = self._buffer.find(b";", 0, eolIndex)
	73	if endOfLengthIndex == -1:
	74	endOfLengthIndex = eolIndex
	75	+ rawLength = self._buffer[0:endOfLengthIndex]
	76	try:
	77	- length = int(self._buffer[0:endOfLengthIndex], 16)
	78	+ length = _hexint(rawLength)
	79	except ValueError:
	80	raise _MalformedChunkedDataError("Chunk-size must be an integer.")
	81
	82	diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
	83	index e686aeb..201991f 100644
	84	--- a/src/twisted/web/test/test_http.py
	85	+++ b/src/twisted/web/test/test_http.py
	86	@@ -4472,3 +4472,43 @@ class HTTPClientSanitizationTests(unittest.SynchronousTestCase):
	87	transport.value().splitlines(),
	88	[b": ".join([sanitizedBytes, sanitizedBytes])],
	89	)
	90	+
	91	+
	92	+class HexHelperTests(unittest.SynchronousTestCase):
	93	+ """
	94	+ Test the L{http._hexint} and L{http._ishexdigits} helper functions.
	95	+ """
	96	+
	97	+ badStrings = (b"", b"0x1234", b"feds", b"-123" b"+123")
	98	+
	99	+ def test_isHex(self):
	100	+ """
	101	+ L{_ishexdigits()} returns L{True} for nonempy bytestrings containing
	102	+ hexadecimal digits.
	103	+ """
	104	+ for s in (b"10", b"abcdef", b"AB1234", b"fed", b"123467890"):
	105	+ self.assertIs(True, http._ishexdigits(s))
	106	+
	107	+ def test_decodes(self):
	108	+ """
	109	+ L{_hexint()} returns the integer equivalent of the input.
	110	+ """
	111	+ self.assertEqual(10, http._hexint(b"a"))
	112	+ self.assertEqual(0x10, http._hexint(b"10"))
	113	+ self.assertEqual(0xABCD123, http._hexint(b"abCD123"))
	114	+
	115	+ def test_isNotHex(self):
	116	+ """
	117	+ L{_ishexdigits()} returns L{False} for bytestrings that don't contain
	118	+ hexadecimal digits, including the empty string.
	119	+ """
	120	+ for s in self.badStrings:
	121	+ self.assertIs(False, http._ishexdigits(s))
	122	+
	123	+ def test_decodeNotHex(self):
	124	+ """
	125	+ L{_hexint()} raises L{ValueError} for bytestrings that can't
	126	+ be decoded.
	127	+ """
	128	+ for s in self.badStrings:
	129	+ self.assertRaises(ValueError, http._hexint, s)