File CVE-2020-11076.patch of Package rubygem-puma.15815
commit 20b1b96a5a45bd90fb29c5da41986b352066c3db
Author: Evan Phoenix <evan@phx.io>
Date: Mon May 18 14:43:00 2020 -0700
Better handle client input
(cherry picked from commit 87e7fe46fdadd9ccc83fdd41d33a25b931a1644b)
diff --git a/lib/puma/client.rb b/lib/puma/client.rb
index c02b7baf90ba..2f71e48f8afd 100644
--- a/lib/puma/client.rb
+++ b/lib/puma/client.rb
@@ -218,8 +218,16 @@ module Puma
te = @env[TRANSFER_ENCODING2]
- if te == CHUNKED
- return setup_chunked_body(body)
+ if te
+ if te.include?(",")
+ te.split(",").each do |part|
+ if CHUNKED.casecmp(part.strip) == 0
+ return setup_chunked_body(body)
+ end
+ end
+ elsif CHUNKED.casecmp(te) == 0
+ return setup_chunked_body(body)
+ end
end
@chunked_body = false
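Review bot: A Transfer-Encoding header that is present but does not select chunked still falls through to `@chunked_body = false` after the new `if te` block, so the body is presumably framed by Content-Length further down, outside this hunk. When a front-end proxy reads the same header differently, that disagreement over where the body ends is what request smuggling relies on. RFC 7230 §3.3.3 has the server answer 400 when Transfer-Encoding is present and chunked is not the final coding. The loop also accepts `chunked` at any position in the list, so I would test only the last element, `if CHUNKED.casecmp(te.split(",").last.to_s.strip) == 0`, and reject the request otherwise instead of continuing. The enclosing method starts and ends outside the hunk.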