Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
python-mitmproxy.18042
CVE-2021-39214.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-39214.patch of Package python-mitmproxy.18042
From b41416b729214e14300ee25df706c907a0fdb008 Mon Sep 17 00:00:00 2001 From: Maximilian Hils <git@maximilianhils.com> Date: Thu, 16 Sep 2021 11:12:59 +0200 Subject: [PATCH] Merge pull request from GHSA-22gh-3r9q-xf38 This commit makes mitmproxy hard-fail when it encounters any attempts at request/response smuggling. For details, see https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38 --- mitmproxy/net/http/http1/read.py | 104 ++++++++++++++++-- mitmproxy/proxy/layers/http/_http1.py | 18 +-- mitmproxy/proxy/layers/http/_http2.py | 4 +- test/mitmproxy/net/http/http1/test_read.py | 32 +++++- test/mitmproxy/proxy/layers/http/test_http.py | 29 +++++ .../mitmproxy/proxy/layers/http/test_http2.py | 49 +++++++++ 6 files changed, 210 insertions(+), 26 deletions(-) Index: mitmproxy-3.0.4/mitmproxy/net/http/http1/read.py =================================================================== --- mitmproxy-3.0.4.orig/mitmproxy/net/http/http1/read.py +++ mitmproxy-3.0.4/mitmproxy/net/http/http1/read.py @@ -201,13 +201,43 @@ def expected_http_body_size(request, res return 0 if 100 <= response_code <= 199: return 0 - if response_code == 200 and request.method.upper() == "CONNECT": - return 0 if response_code in (204, 304): return 0 + if 200 <= response.code <= 299 and request.method.upper() == "CONNECT": + return 0 + + if "transfer-encoding" in headers: + if "content-length" in headers: + raise ValueError("Received both a Transfer-Encoding and a Content-Length header, " + "refusing as recommended in RFC 7230 Section 3.3.3. " + "See https://github.com/mitmproxy/mitmproxy/issues/4799 for details.") + + te: str = headers["transfer-encoding"] + if not te.isascii(): + # guard against .lower() transforming non-ascii to ascii + raise ValueError(f"Invalid transfer encoding: {te!r}") + te = te.lower().strip("\t ") + te = re.sub(r"[\t ]*,[\t ]*", ",", te) + if te in ( + "chunked", + "compress,chunked", + "deflate,chunked", + "gzip,chunked", + ): + return None + elif te in ( + "compress", + "deflate", + "gzip", + "identity", + ): + if response: + return -1 + else: + raise ValueError(f"Invalid request transfer encoding, message body cannot be determined reliably.") + else: + raise ValueError(f"Unknown transfer encoding: {headers['transfer-encoding']!r}") - if "chunked" in headers.get("transfer-encoding", "").lower(): - return None if "content-length" in headers: try: sizes = headers.get_all("content-length") Index: mitmproxy-3.0.4/mitmproxy/proxy/protocol/http2.py =================================================================== --- mitmproxy-3.0.4.orig/mitmproxy/proxy/protocol/http2.py +++ mitmproxy-3.0.4/mitmproxy/proxy/protocol/http2.py @@ -98,7 +98,7 @@ class Http2Layer(base.Layer): client_side=False, header_encoding=False, validate_outbound_headers=False, - validate_inbound_headers=False) + validate_inbound_headers=True) self.connections[self.client_conn] = SafeH2Connection(self.client_conn, config=config) def _initiate_server_conn(self): @@ -107,7 +107,7 @@ class Http2Layer(base.Layer): client_side=True, header_encoding=False, validate_outbound_headers=False, - validate_inbound_headers=False) + validate_inbound_headers=True) self.connections[self.server_conn] = SafeH2Connection(self.server_conn, config=config) self.connections[self.server_conn].initiate_connection() self.server_conn.send(self.connections[self.server_conn].data_to_send())
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor