!19 [sync] PR-13: Fix CVE-2023-47641

From: @openeuler-sync-bot Reviewed-by: @lyn1001 Signed-off-by: @lyn1001
2023-11-16 09:26:52 +00:00 · 2023-11-16 09:26:52 +00:00 · c85a9efd18
commit c85a9efd18
parent ca9770673f e71a01ad20
2 changed files with 82 additions and 1 deletions
--- a/CVE-2023-47641.patch
+++ b/CVE-2023-47641.patch
@ -0,0 +1,77 @@
 From f016f0680e4ace6742b03a70cb0382ce86abe371 Mon Sep 17 00:00:00 2001
 From: Andrew Svetlov <andrew.svetlov@gmail.com>
 Date: Sun, 31 Oct 2021 19:03:06 +0200
 Subject: [PATCH] Raise '400: Content-Length can't be present with
 Transfer-Encoding' if both Content-Length and Transfer-Encoding are sent by
 peer (#6182)
 ---
 CHANGES/6182.bugfix       |  1 +
 aiohttp/http_parser.py    | 12 ++++++++++--
 tests/test_http_parser.py | 15 ++++++++++++++-
 3 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 CHANGES/6182.bugfix
 diff --git a/CHANGES/6182.bugfix b/CHANGES/6182.bugfix
 new file mode 100644
 index 0000000000..28daaa328a
 --- /dev/null
 +++ b/CHANGES/6182.bugfix
@@ -0,0 +1 @@
 +Raise ``400: Content-Length can't be present with Transfer-Encoding`` if both ``Content-Length`` and ``Transfer-Encoding`` are sent by peer by both C and Python implementations
 diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py
 index 4a4ae31ae6..e1b86e8e4f 100644
 --- a/aiohttp/http_parser.py
 +++ b/aiohttp/http_parser.py
@@ -28,6 +28,7 @@
 from .base_protocol import BaseProtocol
 from .helpers import NO_EXTENSIONS, BaseTimerContext
 from .http_exceptions import (
 +    BadHttpMessage,
     BadStatusLine,
     ContentEncodingError,
     ContentLengthError,
@@ -489,8 +490,15 @@ def parse_headers(
         # chunking
         te = headers.get(hdrs.TRANSFER_ENCODING)
 -        if te and "chunked" in te.lower():
 -            chunked = True
 +        if te is not None:
 +            te_lower = te.lower()
 +            if "chunked" in te_lower:
 +                chunked = True
 +
 +            if hdrs.CONTENT_LENGTH in headers:
 +                raise BadHttpMessage(
 +                    "Content-Length can't be present with Transfer-Encoding",
 +                )
         return (headers, raw_headers, close_conn, encoding, upgrade, chunked)
 diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py
 index 78e9ea6401..d86d238f58 100644
 --- a/tests/test_http_parser.py
 +++ b/tests/test_http_parser.py
@@ -291,7 +291,20 @@ def test_request_chunked(parser) -> None:
     assert isinstance(payload, streams.StreamReader)
 -def test_conn_upgrade(parser) -> None:
 +def test_request_te_chunked_with_content_length(parser: Any) -> None:
 +    text = (
 +        b"GET /test HTTP/1.1\r\n"
 +        b"content-length: 1234\r\n"
 +        b"transfer-encoding: chunked\r\n\r\n"
 +    )
 +    with pytest.raises(
 +        http_exceptions.BadHttpMessage,
 +        match="Content-Length can't be present with Transfer-Encoding",
 +    ):
 +        parser.feed_data(text)
 +
 +
 +def test_conn_upgrade(parser: Any) -> None:
     text = (
         b"GET /test HTTP/1.1\r\n"
         b"connection: upgrade\r\n"
--- a/python-aiohttp.spec
+++ b/python-aiohttp.spec
@ -1,12 +1,13 @@
 %global _empty_manifest_terminate_build 0
 Name:		python-aiohttp
 Version:	3.7.4
-Release:	2
+Release:	3
 Summary:	Async http client/server framework (asyncio)
 License:	Apache 2
 URL:		https://github.com/aio-libs/aiohttp
 Source0:	https://files.pythonhosted.org/packages/99/f5/90ede947a3ce2d6de1614799f5fea4e93c19b6520a59dc5d2f64123b032f/aiohttp-3.7.4.post0.tar.gz
 Patch0:         change-require-chardet-package-version.patch
 Patch1:         CVE-2023-47641.patch
 BuildRequires:	python3-attrs
 BuildRequires:	python3-chardet
@ -77,6 +78,9 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 %changelog
 * Thu Nov 16 2023 yaoxin <yao_xin001@hoperun.com> - 3.7.4-3
 - Fix CVE-2023-47641
 * Mon Nov 7 2022 liyanan <liyanan32@h-partners.com> - 3.7.4-2
 - change chardet version to fix installed error