perl-HTTP-Daemon/CVE-2022-31081-2.patch
Dirk Stoecker 410d10973f Accepting request 988945 from home:ohollmann:branches:devel:languages:perl
- Fix request smuggling in HTTP::Daemon
  (CVE-2022-31081, bsc#1201157)
  * CVE-2022-31081.patch
  * CVE-2022-31081-2.patch

OBS-URL: https://build.opensuse.org/request/show/988945
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-HTTP-Daemon?expand=0&rev=19
2022-07-18 15:36:00 +00:00


From 8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0 Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel@perceptyx.com>
Date: Tue, 21 Jun 2022 20:00:47 +0000
Subject: [PATCH] Include reason in response body content
---
lib/HTTP/Daemon.pm | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index a5112b3..2d022ae 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -299,16 +299,18 @@ READ_HEADER:
# check that they are all numbers (RFC: Content-Length = 1*DIGIT)
my @nums = grep { /^[0-9]+$/} @vals;
unless (@vals == @nums) {
- $self->send_error(400);
- $self->reason("Content-Length value must be a unsigned integer");
+ my $reason = "Content-Length value must be an unsigned integer";
+ $self->send_error(400, $reason);
+ $self->reason($reason);
return;
}
# check they are all the same
my $len = shift @nums;
foreach (@nums) {
next if $_ == $len;
- $self->send_error(400);
- $self->reason("Content-Length values are not the same");
+ my $reason = "Content-Length values are not the same";
+ $self->send_error(400, $reason);
+ $self->reason($reason);
return;
}
# ensure we have now a fixed header, with only 1 value
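Review bot: The equality check `next if $_ == $len;` compares the Content-Length values numerically, and the digit-only filter above it puts no limit on their length, so two different digit strings beyond Perl's native integer range can convert to the same floating-point value and pass as identical. Since this check exists to reject conflicting lengths, a string comparison such as `next if $_ eq $len;` is stricter; it also rejects values that differ only by leading zeros, which RFC 7230 permits. The filter `/^[0-9]+$/` would likewise be tighter as `/\A[0-9]+\z/`, because `$` also matches before a trailing newline, although the header parser (not visible here) probably strips line endings already. The surrounding READ_HEADER block starts and ends outside this hunk.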