|
 |
706c86 |
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
|
|
|
706c86 |
index d2da0f8..7813b9f 100644
|
|
|
706c86 |
--- a/Lib/test/test_urllib.py
|
|
|
706c86 |
+++ b/Lib/test/test_urllib.py
|
|
|
706c86 |
@@ -872,6 +872,17 @@ class URLopener_Tests(unittest.TestCase):
|
|
|
706c86 |
"spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
|
|
|
706c86 |
"//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
|
|
|
706c86 |
|
|
|
706c86 |
+ def test_local_file_open(self):
|
|
|
706c86 |
+ # bpo-35907, CVE-2019-9948: urllib must reject local_file:// scheme
|
|
|
706c86 |
+ class DummyURLopener(urllib.URLopener):
|
|
|
706c86 |
+ def open_local_file(self, url):
|
|
|
706c86 |
+ return url
|
|
|
706c86 |
+ for url in ('local_file://example', 'local-file://example'):
|
|
|
706c86 |
+ self.assertRaises(IOError, urllib.urlopen, url)
|
|
|
706c86 |
+ self.assertRaises(IOError, urllib.URLopener().open, url)
|
|
|
706c86 |
+ self.assertRaises(IOError, urllib.URLopener().retrieve, url)
|
|
|
706c86 |
+ self.assertRaises(IOError, DummyURLopener().open, url)
|
|
|
706c86 |
+ self.assertRaises(IOError, DummyURLopener().retrieve, url)
|
|
|
706c86 |
|
|
|
706c86 |
# Just commented them out.
|
|
|
706c86 |
# Can't really tell why keep failing in windows and sparc.
|
|
|
706c86 |
diff --git a/Lib/urllib.py b/Lib/urllib.py
|
|
|
706c86 |
index 2201e3e..71e3637 100644
|
|
|
706c86 |
--- a/Lib/urllib.py
|
|
|
706c86 |
+++ b/Lib/urllib.py
|
|
|
706c86 |
@@ -198,7 +198,9 @@ class URLopener:
|
|
|
706c86 |
name = 'open_' + urltype
|
|
|
706c86 |
self.type = urltype
|
|
|
706c86 |
name = name.replace('-', '_')
|
|
|
706c86 |
- if not hasattr(self, name):
|
|
|
706c86 |
+
|
|
|
706c86 |
+ # bpo-35907: disallow the file reading with the type not allowed
|
|
|
706c86 |
+ if not hasattr(self, name) or name == 'open_local_file':
|
|
|
706c86 |
if proxy:
|
|
|
706c86 |
return self.open_unknown_proxy(proxy, fullurl, data)
|
|
|
706c86 |
else:
|