File CVE-2020-11077.patch of Package rubygem-puma.15815
commit 18e188e1fa6aa30411766f1b629ed842f80dcecc
Author: Evan Phoenix <evan@phx.io>
Date: Tue May 19 15:20:10 2020 -0700
Reduce ambiguity of headers
(cherry picked from commit 089df0727ffab1b3b69f2e6da40597c52e346013)
Index: puma-2.16.0/ext/puma_http11/http11_parser.c
===================================================================
--- puma-2.16.0.orig/ext/puma_http11/http11_parser.c
+++ puma-2.16.0/ext/puma_http11/http11_parser.c
@@ -13,12 +13,14 @@
/*
* capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
*/
static void snake_upcase_char(char *c)
{
if (*c >= 'a' && *c <= 'z')
*c &= ~0x20;
+ else if (*c == '_')
+ *c = ',';
else if (*c == '-')
*c = '_';
}
Index: puma-2.16.0/ext/puma_http11/http11_parser.rl
===================================================================
--- puma-2.16.0.orig/ext/puma_http11/http11_parser.rl
+++ puma-2.16.0/ext/puma_http11/http11_parser.rl
@@ -11,12 +11,14 @@
/*
* capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
*/
static void snake_upcase_char(char *c)
{
if (*c >= 'a' && *c <= 'z')
*c &= ~0x20;
+ else if (*c == '_')
+ *c = ',';
else if (*c == '-')
*c = '_';
}
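Review bot: The updated comment above `snake_upcase_char` says what is converted but not why, and an underscore-to-comma mapping looks like a mistake to anyone who has not read the commit message. I would extend it with the rationale, for example `* Underscores become commas so that a field spelled with '_' cannot collide with` / `* the same field spelled with '-'; server.rb converts the commas back later.` Since `http11_parser.c` is generated from this file, the wording only needs to be kept here.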
Index: puma-2.16.0/lib/puma/server.rb
===================================================================
--- puma-2.16.0.orig/lib/puma/server.rb
+++ puma-2.16.0/lib/puma/server.rb
@@ -561,6 +561,37 @@ module Puma
env[RACK_INPUT] = body
env[RACK_URL_SCHEME] = env[HTTPS_KEY] ? HTTPS : HTTP
+ # Fixup any headers with , in the name to have _ now. We emit
+ # headers with , in them during the parse phase to avoid ambiguity
+ # with the - to _ conversion for critical headers. But here for
+ # compatibility, we'll convert them back. This code is written to
+ # avoid allocation in the common case (ie there are no headers
+ # with , in their names), that's why it has the extra conditionals.
+
+ to_delete = nil
+ to_add = nil
+
+ env.each do |k,v|
+ if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING"
+ if to_delete
+ to_delete << k
+ else
+ to_delete = [k]
+ end
+
+ unless to_add
+ to_add = {}
+ end
+
+ to_add[k.gsub(",", "_")] = v
+ end
+ end
+
+ if to_delete
+ to_delete.each { |k| env.delete(k) }
+ env.merge! to_add
+ end
+
# A rack extension. If the app writes #call'ables to this
# array, we will invoke them when the request is done.
#
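Review bot: The final `env.merge! to_add` lets the underscore spelling of a header replace the dash spelling of the same header. If a request carries both, the parser produces `HTTP_X_FOO` and `HTTP_X,FOO`, and converting the second back overwrites the first. That reintroduces, for every header except the exempted `HTTP_TRANSFER,ENCODING`, the ambiguity this change sets out to remove; whether it matters in practice depends on which headers a fronting proxy sets, which is not visible here. I would keep the dash-spelled value when it already exists: `new_k = k.gsub(",", "_")` followed by `to_add[new_k] = v unless env.key?(new_k)`. The enclosing method starts and ends outside this hunk.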