File CVE-2022-31081.patch of Package perl-HTTP-Daemon.25025

---
 lib/HTTP/Daemon.pm |   27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -282,6 +282,33 @@ sub get_request
 
     }
     elsif ($len) {
+
+	# After a security issue, we ensure we comply to
+        # RFC-7230 -- HTTP/1.1 Message Syntax and Routing
+        # section 3.3.2 -- Content-Length
+        # section 3.3.3 -- Message Body Length
+
+        # split and clean up Content-Length ', ' separated string
+        my @vals = map {my $str = $_; $str =~ s/^\s+//; $str =~ s/\s+$//; $str }
+            split ',', $len;
+        # check that they are all numbers (RFC: Content-Length = 1*DIGIT)
+        my @nums = grep { /^[0-9]+$/} @vals;
+        unless (@vals == @nums) {
+            $self->send_error(400);
+            $self->reason("Content-Length value must be a unsigned integer");
+            return;
+        }
+        # check they are all the same
+        my $len = shift @nums;
+        foreach (@nums) {
+            next if $_ == $len;
+            $self->send_error(400);
+            $self->reason("Content-Length values are not the same");
+            return;
+        }
+        # ensure we have now a fixed header, with only 1 value
+        $r->header('Content-Length' => $len);
+
 	# Plain body specified by "Content-Length"
 	my $missing = $len - length($buf);
 	while ($missing > 0) {
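Review bot: The "all the same" check at `next if $_ == $len;` compares numerically, so it accepts textually different values that Perl coerces to the same number ("007, 7"), and once values exceed the native integer range they become floats and distinct digit strings can compare equal; `split ','` also drops trailing empty fields, so "5," passes the digit check. Since the header is only ever reused as a single canonical value, a byte-wise comparison is both stricter and simpler: `split /,/, $len, -1;`, `my @nums = grep { /\A[0-9]+\z/ } @vals;` and `next if $_ eq $len;` (the `\A`/`\z` anchors also close the `$`-before-trailing-newline gap, though the trim above already masks it). The inner `my $len` shadows the outer `$len` from the `elsif` condition; that is correct but worth a one-line comment such as `# replace the raw header value with the single validated one`. Note that `get_request` starts before this hunk, so whether a request carrying both Transfer-Encoding and Content-Length is rejected (RFC 7230 §3.3.3 item 3) cannot be judged from here and should be checked in the preceding branch. Minor: `"a unsigned integer"` should read "an unsigned integer".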