From 232c32ca0ecc3f9d263e2184253a839ce99b4f31 Mon Sep 17 00:00:00 2001
From: Tom Most <twm@freecog.net>
Date: Mon, 7 Mar 2022 00:02:55 -0800
Subject: [PATCH] Replace obs-fold with a single space
Upstream-Status: Backport [https://github.com/twisted/twisted/commit/79ee8c564ca0d4c2910c8859e0a6014d2dc40005]
CVE: CVE-2022-24801
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/twisted/web/http.py | 2 +-
src/twisted/web/test/test_http.py | 13 +++++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
index b99480f..5491953 100644
--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
@@ -2246,7 +2246,7 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin):
self.setRawMode()
elif line[0] in b" \t":
# Continuation of a multi line header.
- self.__header = self.__header + b"\n" + line
+ self.__header += b" " + line.lstrip(b" \t")
# Regular header line.
# Processing of header line is delayed to allow accumulating multi
# line headers.
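Review bot: The comment above the new `+=` line still reads `# Continuation of a multi line header.` and says nothing about why the fold is now collapsed to one SP and the continuation's leading whitespace dropped, which is the whole point of this CVE-2022-24801 backport. I would replace it with `# obs-fold (RFC 7230 §3.2.4): replace the fold with a single SP so no bare LF and no leading SP/HTAB from the continuation survive into the header value.` so the next maintainer does not "restore" the old newline-preserving form. The `line[0]` check on the `elif` presumably relies on an earlier branch handling the empty line, but that branch and the rest of the method lie outside this hunk, so I cannot confirm it here.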
diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
index 0549ed0..8a7adc0 100644
--- a/src/twisted/web/test/test_http.py
+++ b/src/twisted/web/test/test_http.py
@@ -1795,7 +1795,12 @@ class ParsingTests(unittest.TestCase):
Line folded headers are handled by L{HTTPChannel} by replacing each
fold with a single space by the time they are made available to the
L{Request}. Any leading whitespace in the folded lines of the header
- value is preserved.
+ value is replaced with a single space, per:
+
+ A server that receives an obs-fold in a request message ... MUST
+ ... replace each received obs-fold with one or more SP octets prior
+ to interpreting the field value or forwarding the message
+ downstream.
See RFC 7230 section 3.2.4.
"""
@@ -1832,15 +1837,15 @@ class ParsingTests(unittest.TestCase):
)
self.assertEqual(
request.requestHeaders.getRawHeaders(b"space"),
- [b"space space"],
+ [b"space space"],
)
self.assertEqual(
request.requestHeaders.getRawHeaders(b"spaces"),
- [b"spaces spaces spaces"],
+ [b"spaces spaces spaces"],
)
self.assertEqual(
request.requestHeaders.getRawHeaders(b"tab"),
- [b"t \ta \tb"],
+ [b"t a b"],
)
def test_headerStripWhitespace(self):
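Review bot: The updated assertions cover continuations with one or more SP/HTAB before a token, but none of them exercises a continuation line that is whitespace only (e.g. a bare `b" \t"` line), which after `lstrip(b" \t")` contributes just `b" "` to the value; whether that trailing SP is later stripped appears to depend on `test_headerStripWhitespace`-style handling that is outside this hunk. I would add one `self.assertEqual(request.requestHeaders.getRawHeaders(b"blank"), [...])` case alongside the "tab" case so the post-fold value for that input is pinned rather than implied. The test method's setup lies outside the hunk.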