
diff -up bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py.cve2013-2099 bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py
--- bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py.cve2013-2099	2013-05-23 12:07:10.582233513 -0700
+++ bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py	2013-05-23 12:08:34.177346810 -0700
@@ -399,9 +399,16 @@ class HTTPConnection(AbstractHTTPConnect
 
 # These two methods were imported from Python 3.2's ssl module
 
-def _dnsname_to_pat(dn):
+def _dnsname_to_pat(dn, max_wildcards=1):
     pats = []
     for frag in dn.split(r'.'):
+        if frag.count('*') > max_wildcards:
+            # Issue #17980: avoid denials of service by refusing more
+            # than one wildcard per fragment.  A survery of established
+            # policy among SSL implementations showed it to be a
+            # reasonable choice.
+            raise errors.CertificateError(
+                "too many wildcards in certificate DNS name: " + repr(dn))
         if frag == '*':
             # When '*' is a fragment by itself, it matches a non-empty dotless
             # fragment.