Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Update
python3-gunicorn
CVE-2018-1000164.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-1000164.patch of Package python3-gunicorn
Index: gunicorn-19.3.0/gunicorn/http/wsgi.py =================================================================== --- gunicorn-19.3.0.orig/gunicorn/http/wsgi.py 2015-03-06 10:08:34.000000000 +0100 +++ gunicorn-19.3.0/gunicorn/http/wsgi.py 2018-04-09 13:47:42.525111144 +0200 @@ -10,6 +10,7 @@ import re import sys from gunicorn._compat import unquote_to_wsgi_str +from gunicorn.http.errors import InvalidHeader from gunicorn.six import string_types, binary_type, reraise from gunicorn import SERVER_SOFTWARE import gunicorn.six as six @@ -25,6 +26,7 @@ except ImportError: sendfile = None NORMALIZE_SPACE = re.compile(r'(?:\r\n)?[ \t]+') +HEADER_VALUE_RE = re.compile(r'[\x00-\x1F\x7F]') log = logging.getLogger(__name__) @@ -259,6 +261,8 @@ class Response(object): for name, value in headers: if not isinstance(name, string_types): raise TypeError('%r is not a string' % name) + if HEADER_VALUE_RE.search(value): + raise InvalidHeader('%r' % value) value = str(value).strip() lname = name.lower().strip() if lname == "content-length":
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor