python3-aiohttp: patch CVE-2024-52304

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-52304 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Ankur Tyagi <ankur.tyagi85@gmail.com> 2026-01-15 02:00:39 +1300
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-01-19 12:14:16 +0530
commit: e061e04825a7455d2c1575c7b9d13146b76d764d (patch)
tree: 98b0adde24674f49f43a53ae82bdbb23b8fa6bbb /meta-python/recipes-devtools/python
parent: 46d5b12103a81694f483d79edb7b2d86186fbd5e (diff)
download: meta-openembedded-e061e04825a7455d2c1575c7b9d13146b76d764d.tar.gz
2 files changed, 126 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch
new file mode 100644
index 0000000000..2ddd94a4be
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch
@@ -0,0 +1,124 @@
+From ca0218ea87242c6031887d138183a9b05c256514 Mon Sep 17 00:00:00 2001
+From: "J. Nick Koston" <nick@koston.org>
+Date: Wed, 13 Nov 2024 08:50:36 -0600
+Subject: [PATCH] [PR #9851/541d86d backport][3.10] Fix incorrect parsing of
+ chunk extensions with the pure Python parser (#9853)
+CVE: CVE-2024-52304
+Upstream-Status: Backport [https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ aiohttp/http_parser.py    |  7 ++++
+ tests/test_http_parser.py | 74 ++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 80 insertions(+), 1 deletion(-)
+diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py
+index 013511917..7a552458e 100644
+--- a/aiohttp/http_parser.py
+++ b/aiohttp/http_parser.py
+@@ -848,6 +848,13 @@ class HttpPayloadParser:
+                         i = chunk.find(CHUNK_EXT, 0, pos)
+                         if i >= 0:
+                             size_b = chunk[:i]  # strip chunk-extensions
+                            # Verify no LF in the chunk-extension
+                            if b"\n" in (ext := chunk[i:pos]):
+                                exc = BadHttpMessage(
+                                    f"Unexpected LF in chunk-extension: {ext!r}"
+                                )
+                                set_exception(self.payload, exc)
+                                raise exc
+                         else:
+                             size_b = chunk[:pos]
+ 
+diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py
+index ee7dc4aab..2f34f0bc0 100644
+--- a/tests/test_http_parser.py
+++ b/tests/test_http_parser.py
+@@ -13,6 +13,7 @@ from yarl import URL
+ 
+ import aiohttp
+ from aiohttp import http_exceptions, streams
+from aiohttp.base_protocol import BaseProtocol
+ from aiohttp.http_parser import (
+     NO_EXTENSIONS,
+     DeflateBuffer,
+@@ -1369,7 +1370,78 @@ def test_parse_chunked_payload_empty_body_than_another_chunked(
+     assert b"second" == b"".join(d for d in payload._buffer)
+ 
+ 
+-def test_partial_url(parser: Any) -> None:
+async def test_parse_chunked_payload_split_chunks(response: Any) -> None:
+    network_chunks = (
+        b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n",
+        b"5\r\nfi",
+        b"rst",
+        # This simulates a bug in lax mode caused when the \r\n separator, before the
+        # next HTTP chunk, appears at the start of the next network chunk.
+        b"\r\n",
+        b"6",
+        b"\r",
+        b"\n",
+        b"second\r",
+        b"\n0\r\n\r\n",
+    )
+    reader = response.feed_data(network_chunks[0])[0][0][1]
+    for c in network_chunks[1:]:
+        response.feed_data(c)
+
+    assert response.feed_eof() is None
+    assert reader.is_eof()
+    assert await reader.read() == b"firstsecond"
+
+
+@pytest.mark.skipif(NO_EXTENSIONS, reason="Only tests C parser.")
+async def test_parse_chunked_payload_with_lf_in_extensions_c_parser(
+    loop: asyncio.AbstractEventLoop, protocol: BaseProtocol
+) -> None:
+    """Test the C-parser with a chunked payload that has a LF in the chunk extensions."""
+    # The C parser will raise a BadHttpMessage from feed_data
+    parser = HttpRequestParserC(
+        protocol,
+        loop,
+        2**16,
+        max_line_size=8190,
+        max_field_size=8190,
+    )
+    payload = (
+        b"GET / HTTP/1.1\r\nHost: localhost:5001\r\n"
+        b"Transfer-Encoding: chunked\r\n\r\n2;\nxx\r\n4c\r\n0\r\n\r\n"
+        b"GET /admin HTTP/1.1\r\nHost: localhost:5001\r\n"
+        b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
+    )
+    with pytest.raises(http_exceptions.BadHttpMessage, match="\\\\nxx"):
+        parser.feed_data(payload)
+
+
+async def test_parse_chunked_payload_with_lf_in_extensions_py_parser(
+    loop: asyncio.AbstractEventLoop, protocol: BaseProtocol
+) -> None:
+    """Test the py-parser with a chunked payload that has a LF in the chunk extensions."""
+    # The py parser will not raise the BadHttpMessage directly, but instead
+    # it will set the exception on the StreamReader.
+    parser = HttpRequestParserPy(
+        protocol,
+        loop,
+        2**16,
+        max_line_size=8190,
+        max_field_size=8190,
+    )
+    payload = (
+        b"GET / HTTP/1.1\r\nHost: localhost:5001\r\n"
+        b"Transfer-Encoding: chunked\r\n\r\n2;\nxx\r\n4c\r\n0\r\n\r\n"
+        b"GET /admin HTTP/1.1\r\nHost: localhost:5001\r\n"
+        b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
+    )
+    messages, _, _ = parser.feed_data(payload)
+    reader = messages[0][1]
+    assert isinstance(reader.exception(), http_exceptions.BadHttpMessage)
+    assert "\\nxx" in str(reader.exception())
+
+
+def test_partial_url(parser: HttpRequestParser) -> None:
+     messages, upgrade, tail = parser.feed_data(b"GET /te")
+     assert len(messages) == 0
+     messages, upgrade, tail = parser.feed_data(b"st HTTP/1.1\r\n\r\n")
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
index 57adb1eeba..ea117576bc 100644
--- a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
+++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41"
 SRC_URI[sha256sum] = "edea7d15772ceeb29db4aff55e482d4bcfb6ae160ce144f2682de02f6d693551"
+SRC_URI += "file://CVE-2024-52304.patch"
 PYPI_PACKAGE = "aiohttp"
 inherit python_setuptools_build_meta pypi
author	Ankur Tyagi <ankur.tyagi85@gmail.com>	2026-01-15 02:00:39 +1300
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-19 12:14:16 +0530
commit	e061e04825a7455d2c1575c7b9d13146b76d764d (patch)
tree	98b0adde24674f49f43a53ae82bdbb23b8fa6bbb /meta-python/recipes-devtools/python
parent	46d5b12103a81694f483d79edb7b2d86186fbd5e (diff)
download	meta-openembedded-e061e04825a7455d2c1575c7b9d13146b76d764d.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch new file mode 100644 index 0000000000..2ddd94a4be --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch
@@ -0,0 +1,124 @@
		1	From ca0218ea87242c6031887d138183a9b05c256514 Mon Sep 17 00:00:00 2001
		2	From: "J. Nick Koston" <nick@koston.org>
		3	Date: Wed, 13 Nov 2024 08:50:36 -0600
		4	Subject: [PATCH] [PR #9851/541d86d backport][3.10] Fix incorrect parsing of
		5	chunk extensions with the pure Python parser (#9853)
		6
		7	CVE: CVE-2024-52304
		8	Upstream-Status: Backport [https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71]
		9	Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
		10	---
		11	aiohttp/http_parser.py \| 7 ++++
		12	tests/test_http_parser.py \| 74 ++++++++++++++++++++++++++++++++++++++-
		13	2 files changed, 80 insertions(+), 1 deletion(-)
		14
		15	diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py
		16	index 013511917..7a552458e 100644
		17	--- a/aiohttp/http_parser.py
		18	+++ b/aiohttp/http_parser.py
		19	@@ -848,6 +848,13 @@ class HttpPayloadParser:
		20	i = chunk.find(CHUNK_EXT, 0, pos)
		21	if i >= 0:
		22	size_b = chunk[:i] # strip chunk-extensions
		23	+ # Verify no LF in the chunk-extension
		24	+ if b"\n" in (ext := chunk[i:pos]):
		25	+ exc = BadHttpMessage(
		26	+ f"Unexpected LF in chunk-extension: {ext!r}"
		27	+ )
		28	+ set_exception(self.payload, exc)
		29	+ raise exc
		30	else:
		31	size_b = chunk[:pos]
		32
		33	diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py
		34	index ee7dc4aab..2f34f0bc0 100644
		35	--- a/tests/test_http_parser.py
		36	+++ b/tests/test_http_parser.py
		37	@@ -13,6 +13,7 @@ from yarl import URL
		38
		39	import aiohttp
		40	from aiohttp import http_exceptions, streams
		41	+from aiohttp.base_protocol import BaseProtocol
		42	from aiohttp.http_parser import (
		43	NO_EXTENSIONS,
		44	DeflateBuffer,
		45	@@ -1369,7 +1370,78 @@ def test_parse_chunked_payload_empty_body_than_another_chunked(
		46	assert b"second" == b"".join(d for d in payload._buffer)
		47
		48
		49	-def test_partial_url(parser: Any) -> None:
		50	+async def test_parse_chunked_payload_split_chunks(response: Any) -> None:
		51	+ network_chunks = (
		52	+ b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n",
		53	+ b"5\r\nfi",
		54	+ b"rst",
		55	+ # This simulates a bug in lax mode caused when the \r\n separator, before the
		56	+ # next HTTP chunk, appears at the start of the next network chunk.
		57	+ b"\r\n",
		58	+ b"6",
		59	+ b"\r",
		60	+ b"\n",
		61	+ b"second\r",
		62	+ b"\n0\r\n\r\n",
		63	+ )
		64	+ reader = response.feed_data(network_chunks[0])[0][0][1]
		65	+ for c in network_chunks[1:]:
		66	+ response.feed_data(c)
		67	+
		68	+ assert response.feed_eof() is None
		69	+ assert reader.is_eof()
		70	+ assert await reader.read() == b"firstsecond"
		71	+
		72	+
		73	+@pytest.mark.skipif(NO_EXTENSIONS, reason="Only tests C parser.")
		74	+async def test_parse_chunked_payload_with_lf_in_extensions_c_parser(
		75	+ loop: asyncio.AbstractEventLoop, protocol: BaseProtocol
		76	+) -> None:
		77	+ """Test the C-parser with a chunked payload that has a LF in the chunk extensions."""
		78	+ # The C parser will raise a BadHttpMessage from feed_data
		79	+ parser = HttpRequestParserC(
		80	+ protocol,
		81	+ loop,
		82	+ 2**16,
		83	+ max_line_size=8190,
		84	+ max_field_size=8190,
		85	+ )
		86	+ payload = (
		87	+ b"GET / HTTP/1.1\r\nHost: localhost:5001\r\n"
		88	+ b"Transfer-Encoding: chunked\r\n\r\n2;\nxx\r\n4c\r\n0\r\n\r\n"
		89	+ b"GET /admin HTTP/1.1\r\nHost: localhost:5001\r\n"
		90	+ b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
		91	+ )
		92	+ with pytest.raises(http_exceptions.BadHttpMessage, match="\\\\nxx"):
		93	+ parser.feed_data(payload)
		94	+
		95	+
		96	+async def test_parse_chunked_payload_with_lf_in_extensions_py_parser(
		97	+ loop: asyncio.AbstractEventLoop, protocol: BaseProtocol
		98	+) -> None:
		99	+ """Test the py-parser with a chunked payload that has a LF in the chunk extensions."""
		100	+ # The py parser will not raise the BadHttpMessage directly, but instead
		101	+ # it will set the exception on the StreamReader.
		102	+ parser = HttpRequestParserPy(
		103	+ protocol,
		104	+ loop,
		105	+ 2**16,
		106	+ max_line_size=8190,
		107	+ max_field_size=8190,
		108	+ )
		109	+ payload = (
		110	+ b"GET / HTTP/1.1\r\nHost: localhost:5001\r\n"
		111	+ b"Transfer-Encoding: chunked\r\n\r\n2;\nxx\r\n4c\r\n0\r\n\r\n"
		112	+ b"GET /admin HTTP/1.1\r\nHost: localhost:5001\r\n"
		113	+ b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
		114	+ )
		115	+ messages, _, _ = parser.feed_data(payload)
		116	+ reader = messages[0][1]
		117	+ assert isinstance(reader.exception(), http_exceptions.BadHttpMessage)
		118	+ assert "\\nxx" in str(reader.exception())
		119	+
		120	+
		121	+def test_partial_url(parser: HttpRequestParser) -> None:
		122	messages, upgrade, tail = parser.feed_data(b"GET /te")
		123	assert len(messages) == 0
		124	messages, upgrade, tail = parser.feed_data(b"st HTTP/1.1\r\n\r\n")


diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb index 57adb1eeba..ea117576bc 100644 --- a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb +++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41"
6		6
7	SRC_URI[sha256sum] = "edea7d15772ceeb29db4aff55e482d4bcfb6ae160ce144f2682de02f6d693551"	7	SRC_URI[sha256sum] = "edea7d15772ceeb29db4aff55e482d4bcfb6ae160ce144f2682de02f6d693551"
8		8
		9	SRC_URI += "file://CVE-2024-52304.patch"
		10
9	PYPI_PACKAGE = "aiohttp"	11	PYPI_PACKAGE = "aiohttp"
10	inherit python_setuptools_build_meta pypi	12	inherit python_setuptools_build_meta pypi
11		13