Tree - rpms/bzr - CentOS Git server

Blob History Raw

		668aba	`diff -up bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py.cve2013-2099 bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py`
		668aba	`--- bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py.cve2013-2099 2013-05-23 12:07:10.582233513 -0700`
		668aba	`+++ bzr-2.5.1/bzrlib/transport/http/_urllib2_wrappers.py 2013-05-23 12:08:34.177346810 -0700`
		668aba	`@@ -399,9 +399,16 @@ class HTTPConnection(AbstractHTTPConnect`
		668aba
		668aba	`# These two methods were imported from Python 3.2's ssl module`
		668aba
		668aba	`-def _dnsname_to_pat(dn):`
		668aba	`+def _dnsname_to_pat(dn, max_wildcards=1):`
		668aba	`pats = []`
		668aba	`for frag in dn.split(r'.'):`
		668aba	`+ if frag.count('*') > max_wildcards:`
		668aba	`+ # Issue #17980: avoid denials of service by refusing more`
		668aba	`+ # than one wildcard per fragment. A survery of established`
		668aba	`+ # policy among SSL implementations showed it to be a`
		668aba	`+ # reasonable choice.`
		668aba	`+ raise errors.CertificateError(`
		668aba	`+ "too many wildcards in certificate DNS name: " + repr(dn))`
		668aba	`if frag == '*':`
		668aba	`# When '*' is a fragment by itself, it matches a non-empty dotless`
		668aba	`# fragment.`