packages/python2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-8492

Browse Source
This commit is contained in:
梳碧湖的砍柴人 2020-03-13 15:52:28 +08:00
parent b4ad5a0d98
commit b8861bd282
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
CVE-2020-8492.patch Normal file
View File

@ -0,0 +1,45 @@
From dbcfc664ee7ae6e9e97ca0d69ad6581a36871836 Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@python.org>
Date: Thu, 30 Jan 2020 16:13:03 +0100
Subject: [PATCH] bpo-39503: Fix urllib basic auth regex
The AbstractBasicAuthHandler class of the urllib.request module uses
an inefficient regular expression which can be exploited by an
attacker to cause a denial of service. Fix the regex to prevent the
catastrophic backtracking.
Vulnerability reported by Matt Schwager.
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
Lib/urllib2.py | 2 +-
.../next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
create mode 100644 Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
diff --git a/Lib/urllib2.py b/Lib/urllib2.py
index fd19e1a..1596a51 100644
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@@ -858,7 +858,7 @@ class AbstractBasicAuthHandler:
# allow for double- and single-quoted realm values
# (single quotes are a violation of the RFC, but appear in the wild)
- rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
+ rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t]+)[ \t]+'
'realm=(["\']?)([^"\']*)\\2', re.I)
# XXX could pre-emptively send auth info already accepted (RFC 2617,
diff --git a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
new file mode 100644
index 0000000..92f186d
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
@@ -0,0 +1,4 @@
+CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the
+:mod:`urllib.request` module uses an inefficient regular expression which can
+be exploited by an attacker to cause a denial of service. Fix the regex to
+prevent the catastrophic backtracking. Vulnerability reported by Matt Schwager.
--
2.23.0

9
python2.spec
View File

@ -15,7 +15,7 @@
%undefine _debuginfo_subpackages %undefine _debuginfo_subpackages
Name: python2 Name: python2
Version: 2.7.16 Version: 2.7.16
Release: 14 Release: 15
Summary: Python is an interpreted, interactive object-oriented programming language suitable Summary: Python is an interpreted, interactive object-oriented programming language suitable
License: Python License: Python
URL: https://www.python.org/ URL: https://www.python.org/
@ -100,6 +100,7 @@ Patch6056: CVE-2019-16935.patch
Patch6057: CVE-2019-17514.patch Patch6057: CVE-2019-17514.patch
Patch6058: CVE-2017-18207.patch Patch6058: CVE-2017-18207.patch
Patch6059: bugfix-excessive-memory-usage-when-using-regular-expressions.patch Patch6059: bugfix-excessive-memory-usage-when-using-regular-expressions.patch
Patch6060: CVE-2020-8492.patch
BuildRequires: libdb-devel libffi-devel valgrind-devel ncurses-devel expat-devel readline-devel BuildRequires: libdb-devel libffi-devel valgrind-devel ncurses-devel expat-devel readline-devel
BuildRequires: openssl-devel libtirpc-devel tcl-devel tk-devel glibc-devel libnsl2-devel BuildRequires: openssl-devel libtirpc-devel tcl-devel tk-devel glibc-devel libnsl2-devel
@ -634,6 +635,12 @@ sed -e "s|LIBRARY_PATH|%{_libdir}/%{py_INSTSONAME_debug}|" %{SOURCE1} \
%{dynload_dir}/_testcapimodule_d.so %{dynload_dir}/_testcapimodule_d.so
%changelog %changelog
* Fri Mar 6 2020 hanxinke<hanxinke@huawei.com> - 2.7.16-15
- Type:cves
- ID:CVE-2020-8492
- SUG:NA
- DESC:fix CVE-2020-8492
* Sat Feb 29 2020 hanxinke<hanxinke@huawei.com> - 2.7.16-14 * Sat Feb 29 2020 hanxinke<hanxinke@huawei.com> - 2.7.16-14
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA