From 88f02bc335d5404991e532e7f3b0fc80437bf4e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Gr=C3=B6nholm?=
Date: Thu, 20 Oct 2022 17:13:23 +0300
Subject: [PATCH] Fixed potential DoS attack via WHEEL_INFO_RE

Refer: https://github.com/pypa/wheel/issues/498
---
 wheel/install.py | 4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wheel/install.py b/wheel/install.py
index a0c9d2a5..b985774e 100644
--- a/wheel/install.py
+++ b/wheel/install.py
@@ -16,8 +16,8 @@
 # Non-greedy matching of an optional build number may be too clever (more
 # invalid wheel filenames will match). Separate regex for .dist-info?
 WHEEL_INFO_RE = re.compile(
- r"""^(?P(?P.+?)-(?P\d.*?))(-(?P\d.*?))?
- -(?P[a-z].+?)-(?P.+?)-(?P.+?)(\.whl|\.dist-info)$""",
+ r"""^(?P(?P[^-]+?)-(?P\d[^-]*?))(-(?P\d[^-]*?))?
+ -(?P[a-z][^-]+?)-(?P[^-]+?)-(?P[^.]+?)(\.whl|\.dist-info)$""",
 re.VERBOSE).match
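Review bot: The last group before `(\.whl|\.dist-info)$` on the second added line now uses `[^.]+?`, which rejects any filename whose final tag contains a dot. PEP 425 compressed tag sets join multiple platform tags with `.`, so a constructed name such as `pkg-1.0-py3-none-tagA.tagB.whl` matched the old pattern and no longer matches the new one. Excluding only the field separator there, `[^-]+?`, keeps the hyphen-delimited fields from overlapping (which is what bounds the backtracking) while still accepting dotted tag sets. The first group also narrows from `.+?` to `[^-]+?`, which presumably relies on project names reaching this regex with hyphens already escaped to underscores; a one-line comment above `WHEEL_INFO_RE` stating that assumption, plus a test that a dotted platform set still parses, would guard both points.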