File CVE-2024-47220.patch of Package ruby2.1.36279
diff -ru ruby-2.1.9.orig/lib/webrick/httprequest.rb ruby-2.1.9/lib/webrick/httprequest.rb
--- ruby-2.1.9.orig/lib/webrick/httprequest.rb 2024-10-29 13:40:11.865094013 +0100
+++ ruby-2.1.9/lib/webrick/httprequest.rb 2024-10-29 13:40:55.129540898 +0100
@@ -473,6 +473,10 @@
def read_body(socket, block)
return unless socket
if tc = self['transfer-encoding']
+ if self['content-length']
+ raise HTTPStatus::BadRequest, "request with both transfer-encoding and content-length, possible request smuggling"
+ end
+
case tc
when /\Achunked\z/io then read_chunked(socket, block)
else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
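Review bot: The new guard at the top of the `transfer-encoding` branch only runs when `read_body` is called, so a request carrying both headers is rejected when the body is read, not when the headers are parsed. If the body is read lazily (not visible in this hunk), a handler that never touches the body could act on the request before the 400 is raised. It is also worth confirming that the caller closes the connection on this error, so leftover bytes are not parsed as a following request. A short comment above the check would record the reason, e.g. `# RFC 7230 3.3.3: Transfer-Encoding together with Content-Length is ambiguous framing; reject instead of choosing one`. `read_body` continues past the end of the hunk.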