File CVE-2020-11077.patch of Package rubygem-puma.16022

From 33ec64d699fab5129ceaae86258a4b7082d13d46 Mon Sep 17 00:00:00 2001
From: dmaiocchi <dmaiocchi@suse.com>
Date: Mon, 3 Aug 2020 12:05:38 +0200
Subject: [PATCH] Reduce ambiguity of headers

---
 ext/puma_http11/http11_parser.c  |  4 +++-
 ext/puma_http11/http11_parser.rl |  4 +++-
 lib/puma/server.rb               | 31 +++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/ext/puma_http11/http11_parser.c b/ext/puma_http11/http11_parser.c
index 453f8cd4..e8844a37 100644
--- a/ext/puma_http11/http11_parser.c
+++ b/ext/puma_http11/http11_parser.c
@@ -14,12 +14,14 @@
 
 /*
  * capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
  */
 static void snake_upcase_char(char *c)
 {
     if (*c >= 'a' && *c <= 'z')
       *c &= ~0x20;
+    else if (*c == '_')
+      *c = ',';
     else if (*c == '-')
       *c = '_';
 }
diff --git a/ext/puma_http11/http11_parser.rl b/ext/puma_http11/http11_parser.rl
index 880c1d40..62452ba7 100644
--- a/ext/puma_http11/http11_parser.rl
+++ b/ext/puma_http11/http11_parser.rl
@@ -12,12 +12,14 @@
 
 /*
  * capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
  */
 static void snake_upcase_char(char *c)
 {
     if (*c >= 'a' && *c <= 'z')
       *c &= ~0x20;
+    else if (*c == '_')
+      *c = ',';
     else if (*c == '-')
       *c = '_';
 }
diff --git a/lib/puma/server.rb b/lib/puma/server.rb
index 49455c57..2a34f4cf 100644
--- a/lib/puma/server.rb
+++ b/lib/puma/server.rb
@@ -636,6 +636,37 @@ module Puma
         }
       end
 
+      # Fixup any headers with , in the name to have _ now. We emit
+      # headers with , in them during the parse phase to avoid ambiguity
+      # with the - to _ conversion for critical headers. But here for
+      # compatibility, we'll convert them back. This code is written to
+      # avoid allocation in the common case (ie there are no headers
+      # with , in their names), that's why it has the extra conditionals.
+
+      to_delete = nil
+      to_add = nil
+
+      env.each do |k,v|
+        if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING"
+          if to_delete
+            to_delete << k
+          else
+            to_delete = [k]
+          end
+
+          unless to_add
+            to_add = {}
+          end
+
+          to_add[k.gsub(",", "_")] = v
+        end
+      end
+
+      if to_delete
+        to_delete.each { |k| env.delete(k) }
+        env.merge! to_add
+      end
+
       # A rack extension. If the app writes #call'ables to this
       # array, we will invoke them when the request is done.
       #
-- 
2.26.2