mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-04-02 10:59:19 +00:00
4441e16eb5
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-58068 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
From 2353500dc28eab63b47930851c75e9268a69ef1e Mon Sep 17 00:00:00 2001
|
|
From: sebsrt <s@sebsrt.xyz>
|
|
Date: Mon, 11 Aug 2025 11:46:28 +0200
|
|
Subject: [PATCH] [SECURITY] Fix request smuggling vulnerability by discarding
|
|
trailers (#1062)
|
|
|
|
The WSGI parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. This patch fix that by discarding trailers.
|
|
|
|
CVE: CVE-2025-58068
|
|
Upstream-Status: Backport [https://github.com/eventlet/eventlet/commit/0bfebd1117d392559e25b4bfbfcc941754de88fb]
|
|
(cherry picked from commit 0bfebd1117d392559e25b4bfbfcc941754de88fb)
|
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
|
---
|
|
eventlet/wsgi.py | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/eventlet/wsgi.py b/eventlet/wsgi.py
|
|
index 3b530b18..28ad2666 100644
|
|
--- a/eventlet/wsgi.py
|
|
+++ b/eventlet/wsgi.py
|
|
@@ -153,6 +153,12 @@ class Input:
|
|
read = b''
|
|
self.position += len(read)
|
|
return read
|
|
+
|
|
+ def _discard_trailers(self, rfile):
|
|
+ while True:
|
|
+ line = rfile.readline()
|
|
+ if not line or line in (b'\r\n', b'\n', b''):
|
|
+ break
|
|
|
|
def _chunked_read(self, rfile, length=None, use_readline=False):
|
|
if self.should_send_hundred_continue:
|
|
@@ -203,7 +209,7 @@ class Input:
|
|
raise ChunkReadError(err)
|
|
self.position = 0
|
|
if self.chunk_length == 0:
|
|
- rfile.readline()
|
|
+ self._discard_trailers(rfile)
|
|
except greenio.SSL.ZeroReturnError:
|
|
pass
|
|
return b''.join(response)
|