mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-01-27 12:01:38 +01:00
1bd2effd23
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49769 Pick the patch that is referenced in the NVD report (which is a merge commit. The patches here are the individual patches from that merge). Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From ee501847c38e21be0683ba81925472f219044a65 Mon Sep 17 00:00:00 2001
|
|
From: Delta Regeer <bertjw@regeer.org>
|
|
Date: Sun, 3 Mar 2024 16:26:22 -0700
|
|
Subject: [PATCH] Don't exit handle_write early -- even if socket is not
|
|
connected
|
|
|
|
Calling handle_close() multiple times does not hurt anything, and is
|
|
safe.
|
|
|
|
CVE: CVE-2024-49769
|
|
Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/8cba302b1ac08c2874ae179b2af2445e89311bac]
|
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
|
---
|
|
src/waitress/channel.py | 6 ------
|
|
1 file changed, 6 deletions(-)
|
|
|
|
diff --git a/src/waitress/channel.py b/src/waitress/channel.py
|
|
index cf19ef2..f4d9677 100644
|
|
--- a/src/waitress/channel.py
|
|
+++ b/src/waitress/channel.py
|
|
@@ -91,13 +91,7 @@ class HTTPChannel(wasyncore.dispatcher):
|
|
# Precondition: there's data in the out buffer to be sent, or
|
|
# there's a pending will_close request
|
|
|
|
- if not self.connected:
|
|
- # we dont want to close the channel twice
|
|
-
|
|
- return
|
|
-
|
|
# try to flush any pending output
|
|
-
|
|
if not self.requests:
|
|
# 1. There are no running tasks, so we don't need to try to lock
|
|
# the outbuf before sending
|