projects
/
platform
/
upstream
/
python.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e256703
)
[CVE-2021-3733] Fix ReDoS in request
34/290534/1
author
JinWang An
<jinwang.an@samsung.com>
Tue, 28 Mar 2023 08:07:59 +0000
(17:07 +0900)
committer
JinWang An
<jinwang.an@samsung.com>
Tue, 28 Mar 2023 08:07:59 +0000
(17:07 +0900)
Change-Id: I9d4f7bf7e4ce08fe9f8165fcd16b9e17d1de193a
Signed-off-by: JinWang An <jinwang.an@samsung.com>
Lib/urllib2.py
patch
|
blob
|
history
diff --git
a/Lib/urllib2.py
b/Lib/urllib2.py
index
8b634ad
..
5848f10
100644
(file)
--- a/
Lib/urllib2.py
+++ b/
Lib/urllib2.py
@@
-856,7
+856,7
@@
class AbstractBasicAuthHandler:
# allow for double- and single-quoted realm values
# (single quotes are a violation of the RFC, but appear in the wild)
- rx = re.compile('(?:
.*,)*[ \t]*([^ \t
]+)[ \t]+'
+ rx = re.compile('(?:
[^,]*,)*[ \t]*([^ \t,
]+)[ \t]+'
'realm=(["\']?)([^"\']*)\\2', re.I)
# XXX could pre-emptively send auth info already accepted (RFC 2617,