packages/python-werkzeug
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
python-werkzeug/CVE-2023-23934.patch
starlet-dx 6e2b684b61 Fix CVE-2023-23934 and CVE-2023-25577 
(cherry picked from commit a28c3782e3a95a6bb9e97f75cd0eb29523573403)
2023-08-15 11:02:06 +08:00

74 lines
2.2 KiB
Diff
Raw Blame History

From ff93ffb858db15ec70ba57b7850cb9cb01d531c8 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 15 Aug 2023 09:56:10 +0800
Subject: [PATCH 1/1] don't strip leading = when parsing cookie
Origin:
https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4
---
src/werkzeug/_internal.py | 13 +++++++++----
tests/test_http.py | 2 ++
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index 1d2eaf5..fe69ccb 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -40,7 +40,7 @@ _quote_re = re.compile(br"[\\].")
_legal_cookie_chars_re = br"[\w\d!#%&\'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]"
_cookie_re = re.compile(
br"""
- (?P<key>[^=;]+)
+ (?P<key>[^=;]*)
(?:\s*=\s*
(?P<val>
"(?:[^\\"]|\\.)*" |
@@ -316,16 +316,21 @@ def _cookie_parse_impl(b):
"""Lowlevel cookie parsing facility that operates on bytes."""
i = 0
n = len(b)
+ b += b";"
while i < n:
- match = _cookie_re.search(b + b";", i)
+ match = _cookie_re.match(b, i)
+
if not match:
break
- key = match.group("key").strip()
- value = match.group("val") or b""
i = match.end(0)
+ key = match.group("key").strip()
+
+ if not key:
+ continue
+ value = match.group("val") or b""
yield _cookie_unquote(key), _cookie_unquote(value)
diff --git a/tests/test_http.py b/tests/test_http.py
index 5725170..58042c0 100644
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -446,6 +446,7 @@ class TestHTTPUtility(object):
cookies = http.parse_cookie(
"dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cdc762809248d4beed;"
' a=42; b="\\";"; ; fo234{=bar;blub=Blah;'
+ "==__Host-eq=bad;__Host-eq=good;"
)
assert cookies.to_dict() == {
"CP": u"null*",
@@ -455,6 +456,7 @@ class TestHTTPUtility(object):
"b": u'";',
"fo234{": u"bar",
"blub": u"Blah",
+ "__Host-eq": "good",
}
def test_dump_cookie(self):
--
2.30.0
Reference in New Issue View Git Blame Copy Permalink