File CVE-2020-11076.patch of Package rubygem-puma.16022
From 092fb5a5d096c22c2dfb1ebf38b0da0401d7da67 Mon Sep 17 00:00:00 2001
From: Evan Phoenix <evan@phx.io>
Date: Mon, 18 May 2020 14:43:00 -0700
Subject: [PATCH] Better handle client input
---
lib/puma/client.rb | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/puma/client.rb b/lib/puma/client.rb
index f0dc872e..d36e8dc7 100644
--- a/lib/puma/client.rb
+++ b/lib/puma/client.rb
@@ -230,8 +230,16 @@ module Puma
te = @env[TRANSFER_ENCODING2]
- if te && CHUNKED.casecmp(te) == 0
- return setup_chunked_body(body)
+ if te
+ if te.include?(",")
+ te.split(",").each do |part|
+ if CHUNKED.casecmp(part.strip) == 0
+ return setup_chunked_body(body)
+ end
+ end
+ elsif CHUNKED.casecmp(te) == 0
+ return setup_chunked_body(body)
+ end
end
@chunked_body = false
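Review bot: The comma branch accepts the request as chunked when `chunked` appears at any position in the Transfer-Encoding list, whereas RFC 7230 (section 3.3.3) only allows body framing to be trusted when `chunked` is the final coding. A value such as `chunked, gzip` would therefore be parsed as a chunked body here, while an intermediary that follows the RFC would reject it or frame it differently, which is the kind of disagreement request smuggling relies on. Checking only the last element closes that gap and removes the separate `elsif`: `codings = te.split(",").map(&:strip)` followed by `return setup_chunked_body(body) if CHUNKED.casecmp(codings.last.to_s) == 0`. A Transfer-Encoding value that does not end in `chunked` still falls through to `@chunked_body = false` and presumably to the Content-Length handling below. Rejecting such requests outright would be safer, but the enclosing method starts and ends outside this hunk, so the right place for that cannot be confirmed from here.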
--
2.26.2