File CVE-2023-22795.patch of Package rubygem-actionpack-4_2.29852
From: John Hawthorn <john@hawthorn.email>
Date: Fri, 13 Jan 2023 15:54:40 -0800
Subject: [PATCH] Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
SUSE: adapt for version 4.2.9
---
--- actionpack.orig/lib/action_dispatch/http/cache.rb 2023-01-27 09:58:44.763931562 +0100
+++ actionpack/lib/action_dispatch/http/cache.rb 2023-01-27 10:55:19.187279885 +0100
@@ -18,7 +18,7 @@ module ActionDispatch
end
def if_none_match_etags
- (if_none_match ? if_none_match.split(/\s*,\s*/) : []).collect do |etag|
+ (if_none_match ? if_none_match.split(",").each(&:strip!) : []).collect do |etag|
etag.gsub(/^\"|\"$/, "")
end
end
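Review bot: The quote-stripping call on the context line after the change, `etag.gsub(/^\"|\"$/, "")`, still anchors with `^`/`$`, which in Ruby match at every line boundary rather than only at the ends of the string. Since the value is a client-supplied header, `etag.gsub(/\A\"|\"\z/, "")` states the intent exactly. The new `split(",").each(&:strip!)` also trims whitespace at the very start and end of the header, which the old `/\s*,\s*/` split did not; that looks harmless, but a test with padded and empty list members would pin it down. I would also add a comment above the split so it is not later folded back into a regex, e.g. `# Literal-comma split: a regex split on this request header can backtrack heavily (CVE-2023-22795)`.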