meta-openembedded/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-3.patch

From 5897923d523b357f93eb844e386bcc52c5490cdc Mon Sep 17 00:00:00 2001
From: Tom Most <twm@freecog.net>
Date: Mon, 7 Mar 2022 00:03:50 -0800
Subject: [PATCH] Strip only spaces and tabs from header values

Upstream-Status: Backport [https://github.com/twisted/twisted/commit/c3a4e1d015740c1d87a3ec7d57570257e75b0062]
CVE: CVE-2022-24801
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 src/twisted/web/http.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
index 5491953..262da0b 100644
--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
@@ -2327,7 +2327,7 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin):
             return False
 
         header = header.lower()
-        data = data.strip()
+        data = data.strip(b" \t")
 
         if not self._maybeChooseTransferDecoder(header, data):
             return False