Skip to main content

Browse the archive

Staging
v0.5.1
https://github.com/python/cpython
09 December 2020, 11:06:31 UTC
Revision 09d8172837b6985c4ad90ee025f6b5a554a9f0ac authored by Tapas Kundu on 20 June 2020, 06:43:50 UTC, committed by GitHub on 20 June 2020, 06:43:50 UTC 
[3.5] closes bpo-38576: Disallow control characters in hostnames in http.client. (#19300)
 
Add host validation for control characters for more
CVE-2019-18348 protection.
(cherry picked from commit 83fc70159b24)
1 parent 37fe316
Raw File
Tip revision: 09d8172837b6985c4ad90ee025f6b5a554a9f0ac authored by Tapas Kundu on 20 June 2020, 06:43:50 UTC
[3.5] closes bpo-38576: Disallow control characters in hostnames in http.client. (#19300)
Tip revision: 09d8172
pystrcmp.c 
/* Cross platform case insensitive string compare functions
 */

#include "Python.h"

int
PyOS_mystrnicmp(const char *s1, const char *s2, Py_ssize_t size)
{
    if (size == 0)
        return 0;
    while ((--size > 0) &&
           (tolower((unsigned)*s1) == tolower((unsigned)*s2))) {
        if (!*s1++ || !*s2++)
            break;
    }
    return tolower((unsigned)*s1) - tolower((unsigned)*s2);
}

int
PyOS_mystricmp(const char *s1, const char *s2)
{
    while (*s1 && (tolower((unsigned)*s1++) == tolower((unsigned)*s2++))) {
        ;
    }
    return (tolower((unsigned)*s1) - tolower((unsigned)*s2));
}
back to top