Skip to main content

Browse the archive

Staging
v0.5.1
https://github.com/python/cpython
09 December 2020, 11:06:31 UTC
Revision c9516754067d71fd7429a25ccfcb2141fc583523 authored by Benjamin Peterson on 04 March 2018, 06:59:12 UTC, committed by GitHub on 04 March 2018, 06:59:12 UTC 
[3.6] bpo-32981: Fix catastrophic backtracking vulns (GH-5955)
 
* Prevent low-grade poplib REDOS (CVE-2018-1060)

The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.

Replace it with a similar non-vulnerable regex.

The new regex is RFC compliant.
The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.

Replace it with an equivalent non-vulnerable regex.

Also introduce unit and REDOS tests for difflib.

Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac)
1 parent bd92cfe
Raw File
Tip revision: c9516754067d71fd7429a25ccfcb2141fc583523 authored by Benjamin Peterson on 04 March 2018, 06:59:12 UTC
[3.6] bpo-32981: Fix catastrophic backtracking vulns (GH-5955)
Tip revision: c951675
.gitattributes 
# Binary data types
*.aif binary
*.aifc binary
*.aiff binary
*.au binary
*.bmp binary
*.exe binary
*.icns binary
*.gif binary
*.ico binary
*.jpg binary
*.pck binary
*.png binary
*.psd binary
*.tar binary
*.wav binary
*.whl binary
*.zip binary

# Specific binary files
Lib/test/sndhdrdata/sndhdr.* binary

# Text files that should not be subject to eol conversion
Lib/test/cjkencodings/* -text
Lib/test/decimaltestdata/*.decTest -text
Lib/test/test_email/data/*.txt -text
Lib/test/xmltestdata/* -text
Lib/test/coding20731.py -text

# Special files in third party code
Modules/zlib/zlib.map -text

# CRLF files
*.bat text eol=crlf
*.ps1 text eol=crlf
*.sln text eol=crlf
*.vcxproj* text eol=crlf
*.props text eol=crlf
*.proj text eol=crlf
PCbuild/readme.txt text eol=crlf
PC/readme.txt text eol=crlf
back to top