File CVE-2023-47641.patch of Package python-aiohttp.40456

---
 aiohttp/http_parser.py           |    8 ++++++--
 tests/test_http_parser.py        |    9 +++++++++
 vendor/http-parser/http_parser.c |    4 ++++
 3 files changed, 19 insertions(+), 2 deletions(-)

Index: aiohttp-3.6.0/aiohttp/http_parser.py
===================================================================
--- aiohttp-3.6.0.orig/aiohttp/http_parser.py	2025-09-03 23:14:49.104124337 +0200
+++ aiohttp-3.6.0/aiohttp/http_parser.py	2025-09-03 23:14:50.692948441 +0200
@@ -14,6 +14,7 @@
 from .base_protocol import BaseProtocol
 from .helpers import NO_EXTENSIONS, BaseTimerContext
 from .http_exceptions import (
+    BadHttpMessage,
     BadStatusLine,
     ContentEncodingError,
     ContentLengthError,
@@ -406,8 +407,11 @@
 
         # chunking
         te = headers.get(hdrs.TRANSFER_ENCODING)
-        if te and 'chunked' in te.lower():
-            chunked = True
+        if te is not None:
+            if 'chunked' in te.lower():
+                chunked = True
+            if hdrs.CONTENT_LENGTH in headers:
+                raise BadHttpMessage('unexpected content-length header')
 
         return (headers, raw_headers, close_conn, encoding, upgrade, chunked)
 
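Review bot: The `'chunked' in te.lower()` condition kept on the new side is a substring match, so a value such as `chunked123` still sets `chunked = True` whenever no Content-Length header accompanies it. A front end that parses the coding strictly would frame such a message differently, which is the kind of parser disagreement this fix is meant to close. Consider matching the final coding exactly, for example `if te.lower().rsplit(',', 1)[-1].strip() == 'chunked':`. Above the new raise I would add `# RFC 7230 3.3.3: a message with both Transfer-Encoding and Content-Length has ambiguous framing; reject it instead of picking one`. The enclosing method starts outside this hunk, so any other use of `te` cannot be checked from here.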
Index: aiohttp-3.6.0/tests/test_http_parser.py
===================================================================
--- aiohttp-3.6.0.orig/tests/test_http_parser.py	2025-09-03 23:14:49.104464607 +0200
+++ aiohttp-3.6.0/tests/test_http_parser.py	2025-09-03 23:14:50.693214749 +0200
@@ -268,6 +268,15 @@
     assert isinstance(payload, streams.StreamReader)
 
 
+def test_request_te_chunked_with_content_length(parser) -> None:
+    text = (b'GET /test HTTP/1.1\r\n'
+            b'content-length: 1234\r\n'
+            b'transfer-encoding: chunked123\r\n\r\n'
+    )
+    with pytest.raises(http_exceptions.BadHttpMessage):
+        parser.feed_data(text)
+
+
 def test_conn_upgrade(parser) -> None:
     text = (b'GET /test HTTP/1.1\r\n'
             b'connection: upgrade\r\n'
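Review bot: The added test `test_request_te_chunked_with_content_length` covers only one shape of the ambiguity: Content-Length first, followed by the malformed coding `chunked123`. It does not cover the plain `transfer-encoding: chunked` value, nor Transfer-Encoding sent before Content-Length. The second case matters because the check added in vendor/http-parser/http_parser.c tests `F_CONTENTLENGTH` only at the moment the chunked token is matched. I would add two more cases with the same `pytest.raises(http_exceptions.BadHttpMessage)` assertion, one using `b'transfer-encoding: chunked\r\n'` and one with the two header lines swapped. Whether the `parser` fixture runs against both the Python and the C implementation is not visible here and is worth confirming.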
Index: aiohttp-3.6.0/vendor/http-parser/http_parser.c
===================================================================
--- aiohttp-3.6.0.orig/vendor/http-parser/http_parser.c	2019-09-06 14:54:34.000000000 +0200
+++ aiohttp-3.6.0/vendor/http-parser/http_parser.c	2025-09-03 23:14:50.693489647 +0200
@@ -1548,6 +1548,10 @@
                 h_state = h_general;
               } else if (parser->index == sizeof(CHUNKED)-2) {
                 h_state = h_transfer_encoding_chunked;
+                if (parser->flags & F_CONTENTLENGTH) {
+                  SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);
+                  goto error;
+                }
               }
               break;
 
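Review bot: The added check is order-dependent, because it fires only if `F_CONTENTLENGTH` was already set when the `chunked` token is recognised. A message that sends Transfer-Encoding first and Content-Length afterwards is therefore not rejected by these lines. Whether the Content-Length header path or the end-of-headers path already refuses that order is not visible in this hunk and should be confirmed; if neither does, a symmetric test of the chunked flag is needed where Content-Length is parsed. A short comment such as `/* TE: chunked after Content-Length is ambiguous framing; refuse the message */` would explain why a transfer-encoding branch raises a content-length error. The enclosing switch and function begin outside the hunk.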