python-bottle/0002-bottle-0.12.13-CVE-2022-31799.patch

46 lines
1.5 KiB
Diff
Raw Permalink Normal View History

2023-05-08 08:57:12 +00:00
From db0c0e711b0eb95df592d22890a043e2c0dd741e Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <marc@gsites.de>
Date: Thu, 26 May 2022 14:49:32 +0200
Subject: [PATCH] Gracefully handle errors during early request binding.
Upstream-commit: e140e1b54da721a660f2eb9d58a106b7b3ff2f00
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
bottle.py | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/bottle.py b/bottle.py
index 94fe8a6..74cb169 100644
--- a/bottle.py
+++ b/bottle.py
@@ -841,17 +841,19 @@ class Bottle(object):
return tob(template(ERROR_PAGE_TEMPLATE, e=res))
def _handle(self, environ):
- path = environ['bottle.raw_path'] = environ['PATH_INFO']
- if py3k:
- try:
- environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
- except UnicodeError:
- return HTTPError(400, 'Invalid path string. Expected UTF-8')
-
try:
+
environ['bottle.app'] = self
request.bind(environ)
response.bind()
+
+ path = environ['bottle.raw_path'] = environ['PATH_INFO']
+ if py3k:
+ try:
+ environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+ except UnicodeError:
+ return HTTPError(400, 'Invalid path string. Expected UTF-8')
+
try:
self.trigger_hook('before_request')
route, args = self.router.match(environ)
--
2.37.1