authorRan Benita <ran@unusedvar.com>2020-09-04 13:57:26 +0300
committerRan Benita <ran@unusedvar.com>2020-09-04 13:57:26 +0300
commit4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 (patch)
tree6a445ee7e0c2faf37500ca0a6de54699e5d5de56
parent2da2caea38812eaa3ce09dd5292e3635ce9b16c8 (diff)
svnwc: fix regular expression vulnerable to DoS in blame functionality
The subpattern `\d+\s*\S+` is ambiguous, which makes the pattern subject to catastrophic backtracking given a string like `"1" * 5000`. SVN blame output seems to always have at least one space between the revision number and the user name, so the ambiguity can be fixed by changing the `*` to `+`. Fixes #256.
-rw-r--r--py/_path/svnwc.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/py/_path/svnwc.py b/py/_path/svnwc.py
index 3138dd85..b5b9d8d5 100644
--- a/py/_path/svnwc.py
+++ b/py/_path/svnwc.py
@@ -396,7 +396,7 @@ class SvnAuth(object):
def __str__(self):
return "<SvnAuth username=%s ...>" %(self.username,)
-rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)')
+rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)')
class SvnWCCommandPath(common.PathBase):
""" path implementation offering access/modification to svn working copies.