author | npt-1707 <[email protected]> | 2025-05-12 11:37:42 +0300 |
---|---|---|
committer | robot-piglet <[email protected]> | 2025-05-12 11:51:50 +0300 |
commit | bf1279129bcf6c1b1001e39c39a13d80737898d3 (patch) | |
tree | cb4abf79cf9999e8a48e37badced7fc0a141ac1a | |
parent | 3828d7ccd94bdcdb1515d956d96f5050b158f3f4 (diff) |
Fix potential vulnerable cloned function
* Changelog entry
Type: fix
Component: contrib/restricted/http-parser/http_parser.c
Hi there,
I identified another vulnerability in a clone function http_parser_execute() in `contrib/restricted/http-parser/http_parser.c` sourced from [nodejs/node](https://github.com/nodejs/node). This issue, originally reported in [CVE-2020-8287](https://nvd.nist.gov/vuln/detail/cve-2020-8287), was resolved in the repository via this commit https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e.
This PR applies the corresponding patch to fix the vulnerabilities in this codebase.
Please review at your convenience. Thank you!
---
Pull Request resolved: https://github.com/ytsaurus/ytsaurus/pull/1260
Co-authored-by: nadya02 <[email protected]>
commit_hash:074ecc3485a1c90bd75678a6464ea12654804660
-rw-r--r-- | contrib/restricted/http-parser/http_parser.c | 6 | ||||
-rw-r--r-- | contrib/restricted/http-parser/patches/parser-flags.patch | 16 |
2 files changed, 22 insertions, 0 deletions
diff --git a/contrib/restricted/http-parser/http_parser.c b/contrib/restricted/http-parser/http_parser.c index 95ff42f783d..726810366a1 100644 --- a/contrib/restricted/http-parser/http_parser.c +++ b/contrib/restricted/http-parser/http_parser.c @@ -1342,6 +1342,12 @@ reexecute: } else if (parser->index == sizeof(TRANSFER_ENCODING)-2) { parser->header_state = h_transfer_encoding; parser->extra_flags |= F_TRANSFER_ENCODING >> 8; + /* Multiple `Transfer-Encoding` headers should be treated as + * one, but with values separate by a comma. + * + * See: https://tools.ietf.org/html/rfc7230#section-3.2.2 + */ + parser->flags &= ~F_CHUNKED; } break; diff --git a/contrib/restricted/http-parser/patches/parser-flags.patch b/contrib/restricted/http-parser/patches/parser-flags.patch new file mode 100644 index 00000000000..71297c691bd --- /dev/null +++ b/contrib/restricted/http-parser/patches/parser-flags.patch @@ -0,0 +1,16 @@ +diff --git a/contrib/restricted/http-parser/http_parser.c b/contrib/restricted/http-parser/http_parser.c +index 95ff42f783d9..726810366a11 100644 +--- a/contrib/restricted/http-parser/http_parser.c ++++ b/contrib/restricted/http-parser/http_parser.c +@@ -1342,6 +1342,12 @@ size_t http_parser_execute (http_parser *parser, + } else if (parser->index == sizeof(TRANSFER_ENCODING)-2) { + parser->header_state = h_transfer_encoding; + parser->extra_flags |= F_TRANSFER_ENCODING >> 8; ++ /* Multiple `Transfer-Encoding` headers should be treated as ++ * one, but with values separate by a comma. ++ * ++ * See: https://tools.ietf.org/html/rfc7230#section-3.2.2 ++ */ ++ parser->flags &= ~F_CHUNKED; + } + break; |
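Review bot: In the `http_parser.c` hunk, the added `parser->flags &= ~F_CHUNKED;` sits in the branch that matches the `Transfer-Encoding` header name, so a `chunked` flag set by an earlier header is dropped every time another `Transfer-Encoding` header starts, yet the commit changes only `http_parser.c` and the patch file and adds no test for that path. Please add a regression test that feeds a message with two `Transfer-Encoding` headers (the first `chunked`, the second not, and the reverse order) and asserts the resulting `F_CHUNKED` state and body framing, so a later re-import of the contrib cannot silently lose the fix.

Review bot: The new `contrib/restricted/http-parser/patches/parser-flags.patch` begins directly at `diff --git` with no description, and the file name does not say what it fixes. Add a short header to the patch file naming the upstream nodejs/node commit and the CVE cited in the commit message, and consider a name that reflects the `Transfer-Encoding` handling, so the reason for carrying this local patch is traceable from the patch directory alone.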