Projects
Mega:24.09
rubygem-rack
_service:tar_scm:Fix-CVE-2024-26141.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:Fix-CVE-2024-26141.patch of Package rubygem-rack
From 72ecb3f4e05b2fc0a5073d23fd178686818eb958 Mon Sep 17 00:00:00 2001 From: Aaron Patterson <tenderlove@ruby-lang.org> Date: Tue, 13 Feb 2024 13:34:34 -0800 Subject: [PATCH] Return an empty array when ranges are too large If the sum of the requested ranges is larger than the file itself, return an empty array. In other words, refuse to respond with any bytes. [CVE-2024-26141] --- lib/rack/utils.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb index ca6182c..199312f 100644 --- a/lib/rack/utils.rb +++ b/lib/rack/utils.rb @@ -379,6 +379,9 @@ module Rack end ranges << (r0..r1) if r0 <= r1 end + + return [] if ranges.map(&:size).sum > size + ranges end -- 2.43.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2