From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Mon, 12 May 2025 01:19:39 +0200
Subject: CVE-2023-26117
Fix a ReDoS by replacing the regex with a linear scan
bug-poc: https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos?file=index.js
bug: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
bug-debian: https://bugs.debian.org/1036694
---
src/ngResource/resource.js | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/ngResource/resource.js b/src/ngResource/resource.js
index 11bb45b..3249e3e 100644
--- a/src/ngResource/resource.js
+++ b/src/ngResource/resource.js
@@ -651,7 +651,11 @@ angular.module('ngResource', ['ng']).
// strip trailing slashes and set the url (unless this behavior is specifically disabled)
if (self.defaults.stripTrailingSlashes) {
- url = url.replace(/\/+$/, '') || '/';
+ var i = url.length - 1;
+ while (i >= 0 && url[i] == ('/')) {
+ i--;
+ }
+ url = url.slice(0,i + 1) || '/';
}
// Collapse `/.` if found in the last URL path segment before the query.
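Review bot: The new loop starting at `var i = url.length - 1;` has no comment saying why it replaces the one-line regex, so a later cleanup could restore `/\/+$/` and reintroduce CVE-2023-26117. I would add above it `// Linear scan instead of /\/+$/: that regex backtracks quadratically on long runs of slashes (CVE-2023-26117).` The diffstat shows only resource.js changing, so no regression test accompanies the fix; a spec asserting that a URL with a very long run of slashes is still processed promptly, and that an all-slash URL still becomes '/', would pin the behaviour. As a style point, `url[i] == ('/')` uses loose equality and redundant parentheses where `url[i] === '/'` says the same thing. The enclosing function starts and ends outside this hunk, so how `url` is used afterwards is not visible here.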