From 19f833dbb5ec21e291ec6ad61c9cb76f261d1907 Mon Sep 17 00:00:00 2001 From: Yusuke Endoh Date: Tue, 29 Sep 2020 13:15:58 +0900 Subject: [PATCH] [PATCH] Make it more strict to interpret some headers Some regexps were too tolerant. Gbp-Pq: Name CVE-2020-25613.patch --- lib/webrick/httprequest.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb index 6fc85a4..86140ab 100644 --- a/lib/webrick/httprequest.rb +++ b/lib/webrick/httprequest.rb @@ -226,9 +226,9 @@ module WEBrick raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'." end - if /close/io =~ self["connection"] + if /\Aclose\z/io =~ self["connection"] @keep_alive = false - elsif /keep-alive/io =~ self["connection"] + elsif /\Akeep-alive\z/io =~ self["connection"] @keep_alive = true elsif @http_version < "1.1" @keep_alive = false @@ -475,7 +475,7 @@ module WEBrick return unless socket if tc = self['transfer-encoding'] case tc - when /chunked/io then read_chunked(socket, block) + when /\Achunked\z/io then read_chunked(socket, block) else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}." end elsif self['content-length'] || @remaining_size -- 2.30.2