From 74c6454b0789d009a13288aba4b23258a7dcd16b Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Thu, 16 Nov 2023 10:59:36 +0800
Subject: [PATCH] Fix CVE-2023-47641
(cherry picked from commit 095c70795fd15e0e3910d7f7b0bff2eaa83e9e2d)
---
CVE-2023-47641.patch | 77 ++++++++++++++++++++++++++++++++++++++++++++
python-aiohttp.spec | 9 ++++--
2 files changed, 84 insertions(+), 2 deletions(-)
create mode 100644 CVE-2023-47641.patch
diff --git a/CVE-2023-47641.patch b/CVE-2023-47641.patch
new file mode 100644
index 0000000..2afc5b9
--- /dev/null
+++ b/CVE-2023-47641.patch
@@ -0,0 +1,77 @@
+From f016f0680e4ace6742b03a70cb0382ce86abe371 Mon Sep 17 00:00:00 2001
+From: Andrew Svetlov
+Date: Sun, 31 Oct 2021 19:03:06 +0200
+Subject: [PATCH] Raise '400: Content-Length can't be present with
+ Transfer-Encoding' if both Content-Length and Transfer-Encoding are sent by
+ peer (#6182)
+
+---
+ CHANGES/6182.bugfix | 1 +
+ aiohttp/http_parser.py | 12 ++++++++++--
+ tests/test_http_parser.py | 15 ++++++++++++++-
+ 3 files changed, 25 insertions(+), 3 deletions(-)
+ create mode 100644 CHANGES/6182.bugfix
+
+diff --git a/CHANGES/6182.bugfix b/CHANGES/6182.bugfix
+new file mode 100644
+index 0000000000..28daaa328a
+--- /dev/null
++++ b/CHANGES/6182.bugfix
+@@ -0,0 +1 @@
++Raise ``400: Content-Length can't be present with Transfer-Encoding`` if both ``Content-Length`` and ``Transfer-Encoding`` are sent by peer by both C and Python implementations
+diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py
+index 4a4ae31ae6..e1b86e8e4f 100644
+--- a/aiohttp/http_parser.py
++++ b/aiohttp/http_parser.py
+@@ -28,6 +28,7 @@
+ from .base_protocol import BaseProtocol
+ from .helpers import NO_EXTENSIONS, BaseTimerContext
+ from .http_exceptions import (
++ BadHttpMessage,
+ BadStatusLine,
+ ContentEncodingError,
+ ContentLengthError,
+@@ -489,8 +490,15 @@ def parse_headers(
+
+ # chunking
+ te = headers.get(hdrs.TRANSFER_ENCODING)
+- if te and "chunked" in te.lower():
+- chunked = True
++ if te is not None:
++ te_lower = te.lower()
++ if "chunked" in te_lower:
++ chunked = True
++
++ if hdrs.CONTENT_LENGTH in headers:
++ raise BadHttpMessage(
++ "Content-Length can't be present with Transfer-Encoding",
++ )
+
+ return (headers, raw_headers, close_conn, encoding, upgrade, chunked)
+
+diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py
+index 78e9ea6401..d86d238f58 100644
+--- a/tests/test_http_parser.py
++++ b/tests/test_http_parser.py
+@@ -291,7 +291,20 @@ def test_request_chunked(parser) -> None:
+ assert isinstance(payload, 
streams.StreamReader) + + +-def test_conn_upgrade(parser) -> None: ++def test_request_te_chunked_with_content_length(parser: Any) -> None: ++ text = ( ++ b"GET /test HTTP/1.1\r\n" ++ b"content-length: 1234\r\n" ++ b"transfer-encoding: chunked\r\n\r\n" ++ ) ++ with pytest.raises( ++ http_exceptions.BadHttpMessage, ++ match="Content-Length can't be present with Transfer-Encoding", ++ ): ++ parser.feed_data(text) ++ ++ ++def test_conn_upgrade(parser: Any) -> None: + text = ( + b"GET /test HTTP/1.1\r\n" + b"connection: upgrade\r\n" diff --git a/python-aiohttp.spec b/python-aiohttp.spec index a7eff12..7981b13 100644 --- a/python-aiohttp.spec +++ b/python-aiohttp.spec @@ -1,11 +1,13 @@ %global _empty_manifest_terminate_build 0 Name: python-aiohttp Version: 3.7.4 -Release: 1 +Release: 2 Summary: Async http client/server framework (asyncio) License: Apache 2 URL: https://github.com/aio-libs/aiohttp Source0: https://files.pythonhosted.org/packages/99/f5/90ede947a3ce2d6de1614799f5fea4e93c19b6520a59dc5d2f64123b032f/aiohttp-3.7.4.post0.tar.gz +# https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371 +Patch0: CVE-2023-47641.patch BuildRequires: python3-attrs BuildRequires: python3-chardet @@ -36,7 +38,7 @@ Provides: python3-aiohttp-doc Development documents and examples for aiohttp. %prep -%autosetup -n aiohttp-3.7.4.post0 +%autosetup -n aiohttp-3.7.4.post0 -p1 %build %py3_build @@ -76,5 +78,8 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Thu Nov 16 2023 yaoxin - 3.7.4-2 +- Fix CVE-2023-47641 + * Fri Jul 23 2021 wutao - 3.7.4-1 - Package init -- Gitee
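Review bot: In the `parse_headers` hunk of the embedded `aiohttp/http_parser.py` diff, `if "chunked" in te_lower:` is still a substring test, so any Transfer-Encoding value that merely contains that word selects chunked framing, and a front-end proxy that parses the header strictly can then disagree with this parser about where the message ends. Consider an exact comparison, `if te_lower == "chunked":`, with an `else:` branch that raises `BadHttpMessage`, after checking that no deployment relies on stacked transfer codings. Indentation is lost in this view, so please confirm that the `hdrs.CONTENT_LENGTH` check sits under `if te is not None:` and not under the chunked branch. The patch changes only the pure-Python parser although the changelog fragment names both implementations; if this package builds the C extension, a build-time test that the C parser also rejects a request carrying both headers would close that gap. `parse_headers` starts and ends outside the hunk.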