Staging
v0.8.1
v0.8.1
https://github.com/python/cpython
Revision 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC, committed by GitHub on 03 April 2020, 01:15:56 UTC
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> (cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
1 parent ebeabb5
Tip revision: 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
Tip revision: 69cdeeb
File | Mode | Size |
---|---|---|
Python.asdl | -rw-r--r-- | 5.0 KB |
acceler.c | -rw-r--r-- | 3.3 KB |
asdl.py | -rw-r--r-- | 12.6 KB |
asdl_c.py | -rw-r--r-- | 43.7 KB |
bitset.c | -rw-r--r-- | 1.0 KB |
firstsets.c | -rw-r--r-- | 2.8 KB |
grammar.c | -rw-r--r-- | 7.4 KB |
grammar1.c | -rw-r--r-- | 1.3 KB |
listnode.c | -rw-r--r-- | 1.2 KB |
metagrammar.c | -rw-r--r-- | 2.4 KB |
myreadline.c | -rw-r--r-- | 10.8 KB |
node.c | -rw-r--r-- | 4.4 KB |
parser.c | -rw-r--r-- | 11.6 KB |
parser.h | -rw-r--r-- | 1.0 KB |
parsetok.c | -rw-r--r-- | 10.5 KB |
parsetok_pgen.c | -rw-r--r-- | 35 bytes |
pgen.c | -rw-r--r-- | 17.9 KB |
pgenmain.c | -rw-r--r-- | 4.0 KB |
printgrammar.c | -rw-r--r-- | 2.9 KB |
tokenizer.c | -rw-r--r-- | 54.8 KB |
tokenizer.h | -rw-r--r-- | 3.8 KB |
tokenizer_pgen.c | -rw-r--r-- | 36 bytes |
Computing file changes ...