File CVE-2019-10160-netloc-port-regression.patch of Package python-base.12557
--- a/Lib/test/test_urlparse.py
+++ b/Lib/test/test_urlparse.py
@@ -642,12 +642,12 @@ class UrlParseTestCase(unittest.TestCase
 self.assertIn(u'\uFF03', denorm_chars)
 for scheme in [u"http", u"https", u"ftp"]:
- for c in denorm_chars:
- url = u"{}://netloc{}false.netloc/path".format(scheme, c)
- if test_support.verbose:
- print "Checking %r" % url
- with self.assertRaises(ValueError):
- urlparse.urlsplit(url)
+ for netloc in [u"netloc{0}false.netloc", u"n{0}user@netloc"]:
+ for c in denorm_chars:
+ url = u"{0}://{1}/path".format(scheme, netloc.format(c))
+ if test_support.verbose:
+ print("Checking %r" % url)
+ self.assertRaises(ValueError, urlparse.urlsplit, url)
 def test_main():
 test_support.run_unittest(UrlParseTestCase)
--- a/Lib/urlparse.py
+++ b/Lib/urlparse.py
@@ -171,13 +171,16 @@ def _checknetloc(netloc):
 # looking for characters like \u2100 that expand to 'a/c'
 # IDNA uses NFKC equivalence, so normalize for this check
 import unicodedata
- netloc2 = unicodedata.normalize('NFKC', netloc)
- if netloc == netloc2:
+ n = netloc.replace('@', '') # ignore characters already included
+ n = n.replace(':', '') # but not the surrounding text
+ n = n.replace('#', '')
+ n = n.replace('?', '')
+ netloc2 = unicodedata.normalize('NFKC', n)
+ if n == netloc2:
 return
- _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
 for c in '/?#@:':
 if c in netloc2:
- raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+ raise ValueError("netloc '" + netloc + "' contains invalid " +
 "characters under NFKC normalization")
 def urlsplit(url, scheme='', allow_fragments=True):
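Review bot: The new inner loop over the two `netloc` templates only asserts rejection, so nothing in this hunk pins the other half of the fix: a netloc with literal `@` and `:` plus a character that NFKC changes harmlessly must still parse. Without such a case, a later edit to the delimiter stripping in `_checknetloc` could start rejecting valid URLs with userinfo or a port and this test would still pass. I would add an acceptance line next to the loop, for example `urlparse.urlsplit(u"http://user:pw@\uFF4Eetloc:80/path")  # constructed sample; must not raise`. The test method starts above the hunk, so an equivalent case may already exist there.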
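Review bot: The `raise ValueError(...)` line now interpolates the original `netloc`, and with the `rpartition('@')` line removed that value still includes any userinfo, so a `user:password@` prefix can end up in the exception text. Callers that log or display this ValueError would then record the credentials; whether any do is not visible from here. Consider documenting that at the raise site, e.g. `# NOTE: message carries the full netloc, userinfo included; do not log it verbatim`, or reporting a redacted form. The two new inline comments (`# ignore characters already included`, `# but not the surrounding text`) are also hard to follow on their own; one comment above the `replace` calls, such as `# strip delimiters that are literally present, so only ones introduced by NFKC are flagged`, would read better. `_checknetloc` starts above the hunk, so any earlier guard on `netloc` is not visible here.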