1 files changed, 71 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-5.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-5.patch
new file mode 100644
index 0000000000..4c014bf669
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-5.patch
@@ -0,0 +1,71 @@
+From 8859df3b77eabf99a9b40c5e595bccaae4539ae0 Mon Sep 17 00:00:00 2001
+From: Tom Most <twm@freecog.net>
+Date: Sun, 13 Mar 2022 23:19:39 -0700
+Subject: [PATCH] Test for malformed chunk size and extensions
+Upstream-Status: Backport [https://github.com/twisted/twisted/commit/f22d0d9c889822adb7eaf84b42a20ff5f7c4d421]
+CVE: CVE-2022-24801
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/twisted/web/test/test_http.py | 34 +++++++++++++++++++++++++++++++
+ 1 file changed, 34 insertions(+)
+diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
+index 8a7adc0..e686aeb 100644
+--- a/src/twisted/web/test/test_http.py
+++ b/src/twisted/web/test/test_http.py
+@@ -1371,6 +1371,22 @@ class ChunkedTransferEncodingTests(unittest.TestCase):
+         p.dataReceived(b"3; x-foo=bar\r\nabc\r\n")
+         self.assertEqual(L, [b"abc"])
+ 
+    def test_extensionsMalformed(self):
+        """
+        L{_ChunkedTransferDecoder.dataReceived} raises
+        L{_MalformedChunkedDataError} when the chunk extension fields contain
+        invalid characters.
+
+        This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
+        """
+        for b in [*range(0, 0x09), *range(0x10, 0x21), *range(0x74, 0x80)]:
+            data = b"3; " + bytes((b,)) + b"\r\nabc\r\n"
+            p = http._ChunkedTransferDecoder(
+                lambda b: None,  # pragma: nocov
+                lambda b: None,  # pragma: nocov
+            )
+            self.assertRaises(http._MalformedChunkedDataError, p.dataReceived, data)
+
+     def test_oversizedChunkSizeLine(self):
+         """
+         L{_ChunkedTransferDecoder.dataReceived} raises
+@@ -1426,6 +1442,22 @@ class ChunkedTransferEncodingTests(unittest.TestCase):
+             http._MalformedChunkedDataError, p.dataReceived, b"-3\r\nabc\r\n"
+         )
+ 
+    def test_malformedChunkSizeHex(self):
+        """
+        L{_ChunkedTransferDecoder.dataReceived} raises
+        L{_MalformedChunkedDataError} when the chunk size is prefixed with
+        "0x", as if it were a Python integer literal.
+
+        This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
+        """
+        p = http._ChunkedTransferDecoder(
+            lambda b: None,  # pragma: nocov
+            lambda b: None,  # pragma: nocov
+        )
+        self.assertRaises(
+            http._MalformedChunkedDataError, p.dataReceived, b"0x3\r\nabc\r\n"
+        )
+
+     def test_malformedChunkEnd(self):
+         r"""
+         L{_ChunkedTransferDecoder.dataReceived} raises
+@@ -1538,6 +1570,8 @@ class ChunkingTests(unittest.TestCase, ResponseTestMixin):
+             chunked = b"".join(http.toChunk(s))
+             self.assertEqual((s, b""), http.fromChunk(chunked))
+         self.assertRaises(ValueError, http.fromChunk, b"-5\r\nmalformed!\r\n")
+        self.assertRaises(ValueError, http.fromChunk, b"0xa\r\nmalformed!\r\n")
+        self.assertRaises(ValueError, http.fromChunk, b"0XA\r\nmalformed!\r\n")
+ 
+     def testConcatenatedChunks(self):
+         chunked = b"".join([b"".join(http.toChunk(t)) for t in self.strings])

diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-5.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-5.patch new file mode 100644 index 0000000000..4c014bf669 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-5.patch
@@ -0,0 +1,71 @@
	1	From 8859df3b77eabf99a9b40c5e595bccaae4539ae0 Mon Sep 17 00:00:00 2001
	2	From: Tom Most <twm@freecog.net>
	3	Date: Sun, 13 Mar 2022 23:19:39 -0700
	4	Subject: [PATCH] Test for malformed chunk size and extensions
	5
	6	Upstream-Status: Backport [https://github.com/twisted/twisted/commit/f22d0d9c889822adb7eaf84b42a20ff5f7c4d421]
	7	CVE: CVE-2022-24801
	8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	9	---
	10	src/twisted/web/test/test_http.py \| 34 +++++++++++++++++++++++++++++++
	11	1 file changed, 34 insertions(+)
	12
	13	diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
	14	index 8a7adc0..e686aeb 100644
	15	--- a/src/twisted/web/test/test_http.py
	16	+++ b/src/twisted/web/test/test_http.py
	17	@@ -1371,6 +1371,22 @@ class ChunkedTransferEncodingTests(unittest.TestCase):
	18	p.dataReceived(b"3; x-foo=bar\r\nabc\r\n")
	19	self.assertEqual(L, [b"abc"])
	20
	21	+ def test_extensionsMalformed(self):
	22	+ """
	23	+ L{_ChunkedTransferDecoder.dataReceived} raises
	24	+ L{_MalformedChunkedDataError} when the chunk extension fields contain
	25	+ invalid characters.
	26	+
	27	+ This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
	28	+ """
	29	+ for b in [range(0, 0x09), range(0x10, 0x21), *range(0x74, 0x80)]:
	30	+ data = b"3; " + bytes((b,)) + b"\r\nabc\r\n"
	31	+ p = http._ChunkedTransferDecoder(
	32	+ lambda b: None, # pragma: nocov
	33	+ lambda b: None, # pragma: nocov
	34	+ )
	35	+ self.assertRaises(http._MalformedChunkedDataError, p.dataReceived, data)
	36	+
	37	def test_oversizedChunkSizeLine(self):
	38	"""
	39	L{_ChunkedTransferDecoder.dataReceived} raises
	40	@@ -1426,6 +1442,22 @@ class ChunkedTransferEncodingTests(unittest.TestCase):
	41	http._MalformedChunkedDataError, p.dataReceived, b"-3\r\nabc\r\n"
	42	)
	43
	44	+ def test_malformedChunkSizeHex(self):
	45	+ """
	46	+ L{_ChunkedTransferDecoder.dataReceived} raises
	47	+ L{_MalformedChunkedDataError} when the chunk size is prefixed with
	48	+ "0x", as if it were a Python integer literal.
	49	+
	50	+ This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
	51	+ """
	52	+ p = http._ChunkedTransferDecoder(
	53	+ lambda b: None, # pragma: nocov
	54	+ lambda b: None, # pragma: nocov
	55	+ )
	56	+ self.assertRaises(
	57	+ http._MalformedChunkedDataError, p.dataReceived, b"0x3\r\nabc\r\n"
	58	+ )
	59	+
	60	def test_malformedChunkEnd(self):
	61	r"""
	62	L{_ChunkedTransferDecoder.dataReceived} raises
	63	@@ -1538,6 +1570,8 @@ class ChunkingTests(unittest.TestCase, ResponseTestMixin):
	64	chunked = b"".join(http.toChunk(s))
	65	self.assertEqual((s, b""), http.fromChunk(chunked))
	66	self.assertRaises(ValueError, http.fromChunk, b"-5\r\nmalformed!\r\n")
	67	+ self.assertRaises(ValueError, http.fromChunk, b"0xa\r\nmalformed!\r\n")
	68	+ self.assertRaises(ValueError, http.fromChunk, b"0XA\r\nmalformed!\r\n")
	69
	70	def testConcatenatedChunks(self):
	71	chunked = b"".join([b"".join(http.toChunk(t)) for t in self.strings])