File rubygem-rack-1_4-CVE-2024-25126.patch of Package rubygem-rack-1_4.33004
Index: rack-1.4.5/lib/rack/request.rb
===================================================================
--- rack-1.4.5.orig/lib/rack/request.rb
+++ rack-1.4.5/lib/rack/request.rb
@@ -44,7 +44,12 @@ module Rack
# For more information on the use of media types in HTTP, see:
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
def media_type
- content_type && content_type.split(/\s*[;,]\s*/, 2).first.downcase
+ return nil unless content_type
+ if type = content_type.split(/[;,]/, 2).first
+ type.rstrip!
+ type.downcase!
+ type
+ end
end
# The media type parameters provided in CONTENT_TYPE as a Hash, or
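Review bot: The new `media_type` body carries no comment explaining why the split pattern dropped its `\s*` and why trimming moved to `rstrip!`, so a later cleanup could fold the whitespace matching back into the regex. Going by the patch name this is the CVE-2024-25126 fix, so I would add above the split: `# Split on the bare delimiter and trim afterwards; \s* around [;,] made parsing slow on crafted headers (CVE-2024-25126).` The condition `if type = content_type.split(/[;,]/, 2).first` is an assignment inside a conditional; wrapping it in parentheses makes that intent explicit. No regression test for a whitespace-heavy header accompanies the change on this page.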
@@ -54,9 +59,12 @@ module Rack
# { 'charset' => 'utf-8' }
def media_type_params
return {} if content_type.nil?
- Hash[*content_type.split(/\s*[;,]\s*/)[1..-1].
- collect { |s| s.split('=', 2) }.
- map { |k,v| [k.downcase, v] }.flatten]
+ content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh|
+ s.strip!
+ k, v = s.split('=', 2)
+ k.downcase!
+ hsh[k] = v
+ end
end
# The character set of the request body if a "charset" media type
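Review bot: `SPLIT_PATTERN` in the new `media_type_params` body is not defined by any hunk shown on this page, while `media_type` in the first hunk uses the literal `/[;,]/`; unless the constant exists elsewhere in the file or package, calling this method raises NameError. Either add `SPLIT_PATTERN = /[;,]/` to the class and use it in both methods, or use the literal here too. Separately, an empty segment (for example a doubled `;`) leaves `k` nil so `k.downcase!` raises, and an empty CONTENT_TYPE makes `[1..-1]` return nil. The removed code appears to have failed the same way, but since `media_type` now tolerates an empty header, adding `next if s.empty?` after `s.strip!` and falling back with `|| []` on the slice would keep both methods from raising on malformed client input.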