python3-twisted: patch CVE-2022-24801

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24801 Pick the commits from the pull request that is referenced by the NVD report. (The full set is consisting of 13 patches, but the ones that only updated news/readme/typo fixes in comments were not backported) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-14 08:34:35 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-20 18:22:07 +0100
commit: 12d4f40a4a5881d2e26741fbed672fd841f557f5 (patch)
tree: 4850ea52e9df531e65cda982ffb562048e518adb /meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch
parent: d29ee9b3878cbaee94b4f3b7db64adca38b67a22 (diff)
download: meta-openembedded-12d4f40a4a5881d2e26741fbed672fd841f557f5.tar.gz
1 files changed, 108 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch
new file mode 100644
index 0000000000..e426d4d8f2
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch
@@ -0,0 +1,108 @@
+From 29b4c6ab9a917200a37d6fca1243a7f57caba922 Mon Sep 17 00:00:00 2001
+From: Tom Most <twm@freecog.net>
+Date: Sun, 27 Mar 2022 22:17:30 -0700
+Subject: [PATCH] Correct chunk extension byte validation
+Go back to the RFC to figure out the correct allowed ranges.
+Upstream-Status: Backport [https://github.com/twisted/twisted/commit/fa9caa54d63399b4ccdfbf0429ba1b504ccc7c89]
+CVE: CVE-2022-24801
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/twisted/web/http.py           | 49 ++++++++++++++++++++++++++++++-
+ src/twisted/web/test/test_http.py |  8 ++++-
+ 2 files changed, 55 insertions(+), 2 deletions(-)
+diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
+index ea77f57..81df437 100644
+--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
+@@ -418,7 +418,7 @@ def _ishexdigits(b: bytes) -> bool:
+     and 0-9.
+     """
+     for c in b:
+-        if c not in b'0123456789abcdefABCDEF':
+        if c not in b"0123456789abcdefABCDEF":
+             return False
+     return bool(b)
+ 
+@@ -1816,6 +1816,47 @@ class _IdentityTransferDecoder:
+ maxChunkSizeLineLength = 1024
+ 
+ 
+_chunkExtChars = (
+    b"\t !\"#$%&'()*+,-./0123456789:;<=>?@"
+    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`"
+    b"abcdefghijklmnopqrstuvwxyz{|}~"
+    b"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
+    b"\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
+    b"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
+    b"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
+    b"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
+    b"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
+    b"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef"
+    b"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
+)
+"""
+Characters that are valid in a chunk extension.
+
+See RFC 7230 section 4.1.1:
+
+     chunk-ext      = *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
+
+     chunk-ext-name = token
+     chunk-ext-val  = token / quoted-string
+
+Section 3.2.6:
+
+     token          = 1*tchar
+
+     tchar          = "!" / "#" / "$" / "%" / "&" / "'" / "*"
+                    / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
+                    / DIGIT / ALPHA
+                    ; any VCHAR, except delimiters
+
+     quoted-string  = DQUOTE *( qdtext / quoted-pair ) DQUOTE
+     qdtext         = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text
+     obs-text       = %x80-FF
+
+We don't check if chunk extensions are well-formed beyond validating that they
+don't contain characters outside this range.
+"""
+
+
+ class _ChunkedTransferDecoder:
+     """
+     Protocol for decoding I{chunked} Transfer-Encoding, as defined by RFC 7230,
+@@ -1915,6 +1956,12 @@ class _ChunkedTransferDecoder:
+         except ValueError:
+             raise _MalformedChunkedDataError("Chunk-size must be an integer.")
+ 
+        ext = self._buffer[endOfLengthIndex + 1 : eolIndex]
+        if ext and ext.translate(None, _chunkExtChars) != b"":
+            raise _MalformedChunkedDataError(
+                f"Invalid characters in chunk extensions: {ext!r}."
+            )
+
+         if length == 0:
+             self.state = "TRAILER"
+         else:
+diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
+index 201991f..eccb9b0 100644
+--- a/src/twisted/web/test/test_http.py
+++ b/src/twisted/web/test/test_http.py
+@@ -1379,7 +1379,13 @@ class ChunkedTransferEncodingTests(unittest.TestCase):
+ 
+         This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
+         """
+-        for b in [*range(0, 0x09), *range(0x10, 0x21), *range(0x74, 0x80)]:
+        invalidControl = (
+            b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\n\x0b\x0c\r\x0e\x0f"
+            b"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+        )
+        invalidDelimiter = b"\\"
+        invalidDel = b"\x7f"
+        for b in invalidControl + invalidDelimiter + invalidDel:
+             data = b"3; " + bytes((b,)) + b"\r\nabc\r\n"
+             p = http._ChunkedTransferDecoder(
+                 lambda b: None,  # pragma: nocov
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-14 08:34:35 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-20 18:22:07 +0100
commit	12d4f40a4a5881d2e26741fbed672fd841f557f5 (patch)
tree	4850ea52e9df531e65cda982ffb562048e518adb /meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch
parent	d29ee9b3878cbaee94b4f3b7db64adca38b67a22 (diff)
download	meta-openembedded-12d4f40a4a5881d2e26741fbed672fd841f557f5.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch new file mode 100644 index 0000000000..e426d4d8f2 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-8.patch
@@ -0,0 +1,108 @@
	1	From 29b4c6ab9a917200a37d6fca1243a7f57caba922 Mon Sep 17 00:00:00 2001
	2	From: Tom Most <twm@freecog.net>
	3	Date: Sun, 27 Mar 2022 22:17:30 -0700
	4	Subject: [PATCH] Correct chunk extension byte validation
	5
	6	Go back to the RFC to figure out the correct allowed ranges.
	7
	8	Upstream-Status: Backport [https://github.com/twisted/twisted/commit/fa9caa54d63399b4ccdfbf0429ba1b504ccc7c89]
	9	CVE: CVE-2022-24801
	10	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	11	---
	12	src/twisted/web/http.py \| 49 ++++++++++++++++++++++++++++++-
	13	src/twisted/web/test/test_http.py \| 8 ++++-
	14	2 files changed, 55 insertions(+), 2 deletions(-)
	15
	16	diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
	17	index ea77f57..81df437 100644
	18	--- a/src/twisted/web/http.py
	19	+++ b/src/twisted/web/http.py
	20	@@ -418,7 +418,7 @@ def _ishexdigits(b: bytes) -> bool:
	21	and 0-9.
	22	"""
	23	for c in b:
	24	- if c not in b'0123456789abcdefABCDEF':
	25	+ if c not in b"0123456789abcdefABCDEF":
	26	return False
	27	return bool(b)
	28
	29	@@ -1816,6 +1816,47 @@ class _IdentityTransferDecoder:
	30	maxChunkSizeLineLength = 1024
	31
	32
	33	+_chunkExtChars = (
	34	+ b"\t !\"#$%&'()*+,-./0123456789:;<=>?@"
	35	+ b"ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`"
	36	+ b"abcdefghijklmnopqrstuvwxyz{\|}~"
	37	+ b"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
	38	+ b"\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
	39	+ b"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
	40	+ b"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
	41	+ b"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
	42	+ b"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
	43	+ b"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef"
	44	+ b"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
	45	+)
	46	+"""
	47	+Characters that are valid in a chunk extension.
	48	+
	49	+See RFC 7230 section 4.1.1:
	50	+
	51	+ chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
	52	+
	53	+ chunk-ext-name = token
	54	+ chunk-ext-val = token / quoted-string
	55	+
	56	+Section 3.2.6:
	57	+
	58	+ token = 1*tchar
	59	+
	60	+ tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
	61	+ / "+" / "-" / "." / "^" / "_" / "`" / "\|" / "~"
	62	+ / DIGIT / ALPHA
	63	+ ; any VCHAR, except delimiters
	64	+
	65	+ quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
	66	+ qdtext = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text
	67	+ obs-text = %x80-FF
	68	+
	69	+We don't check if chunk extensions are well-formed beyond validating that they
	70	+don't contain characters outside this range.
	71	+"""
	72	+
	73	+
	74	class _ChunkedTransferDecoder:
	75	"""
	76	Protocol for decoding I{chunked} Transfer-Encoding, as defined by RFC 7230,
	77	@@ -1915,6 +1956,12 @@ class _ChunkedTransferDecoder:
	78	except ValueError:
	79	raise _MalformedChunkedDataError("Chunk-size must be an integer.")
	80
	81	+ ext = self._buffer[endOfLengthIndex + 1 : eolIndex]
	82	+ if ext and ext.translate(None, _chunkExtChars) != b"":
	83	+ raise _MalformedChunkedDataError(
	84	+ f"Invalid characters in chunk extensions: {ext!r}."
	85	+ )
	86	+
	87	if length == 0:
	88	self.state = "TRAILER"
	89	else:
	90	diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
	91	index 201991f..eccb9b0 100644
	92	--- a/src/twisted/web/test/test_http.py
	93	+++ b/src/twisted/web/test/test_http.py
	94	@@ -1379,7 +1379,13 @@ class ChunkedTransferEncodingTests(unittest.TestCase):
	95
	96	This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
	97	"""
	98	- for b in [range(0, 0x09), range(0x10, 0x21), *range(0x74, 0x80)]:
	99	+ invalidControl = (
	100	+ b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\n\x0b\x0c\r\x0e\x0f"
	101	+ b"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
	102	+ )
	103	+ invalidDelimiter = b"\\"
	104	+ invalidDel = b"\x7f"
	105	+ for b in invalidControl + invalidDelimiter + invalidDel:
	106	data = b"3; " + bytes((b,)) + b"\r\nabc\r\n"
	107	p = http._ChunkedTransferDecoder(
	108	lambda b: None, # pragma: nocov