[CVE-2021-3733] Fix ReDoS in request 34/290534/1
authorJinWang An <jinwang.an@samsung.com>
Tue, 28 Mar 2023 08:07:59 +0000 (17:07 +0900)
committerJinWang An <jinwang.an@samsung.com>
Tue, 28 Mar 2023 08:07:59 +0000 (17:07 +0900)
Change-Id: I9d4f7bf7e4ce08fe9f8165fcd16b9e17d1de193a
Signed-off-by: JinWang An <jinwang.an@samsung.com>
Lib/urllib2.py

index 8b634ad..5848f10 100644 (file)
@@ -856,7 +856,7 @@ class AbstractBasicAuthHandler:
 
     # allow for double- and single-quoted realm values
     # (single quotes are a violation of the RFC, but appear in the wild)
-    rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
+    rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t,]+)[ \t]+'
                     'realm=(["\']?)([^"\']*)\\2', re.I)
 
     # XXX could pre-emptively send auth info already accepted (RFC 2617,
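Review bot: Nothing on or above the `rx = re.compile(...)` line records why `,` is now excluded from both the prefix group and the scheme token, so a later edit could widen either class and reintroduce the backtracking. I would extend the existing comment with `# [^,] and [^ \t,] keep each repetition unambiguous; do not widen to '.' (CVE-2021-3733)`. The leading `(?:[^,]*,)*` is still retried once per comma on failure, so if `rx` is applied with `search()` to a server-supplied header (the call site is outside this hunk), the cost on a long header with no `realm=` is probably still super-linear. A length cap on the header before matching would bound that, and a timing regression test with a large comma-separated value would confirm the fix holds. The class body continues outside the hunk, so this is based only on the pattern shown.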