LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16468 Commits
1 Branch
46 MiB
Tree: b5c1e915c7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b5c1e915c7'
${ noResults }
openwrt-packages-dist/lang/python/python3/patches/025-bpo-37461-Fix-infinite-...

56 lines
2.3 KiB
Raw Normal View History

python3: backport three security patches Fixes: CVE-2019-16935 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years ago
 
  1. From 391511ccaaf0050970dfbe95bf2df1bcf6c33440 Mon Sep 17 00:00:00 2001
  2. From: "Miss Islington (bot)"
  3.  <31488909+miss-islington@users.noreply.github.com>
  4. Date: Wed, 17 Jul 2019 10:02:05 -0700
  5. Subject: [PATCH] bpo-37461: Fix infinite loop in parsing of specially crafted
  6.  email headers (GH-14794)
  7. 

  8. * bpo-37461: Fix infinite loop in parsing of specially crafted email headers.
  9. 

  10. Some crafted email header would cause the get_parameter method to run in an
  11. infinite loop causing a DoS attack surface when parsing those headers. This
  12. patch fixes that by making sure the DQUOTE character is handled to prevent
  13. going into an infinite loop.
  14. (cherry picked from commit a4a994bd3e619cbaff97610a1cee8ffa87c672f5)
  15. 

  16. Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
  17. ---

  18.  Lib/email/_header_value_parser.py                          | 3 +++
  19.  Lib/test/test_email/test__header_value_parser.py           | 7 +++++++
  20.  .../next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst | 2 ++
  21.  3 files changed, 12 insertions(+)
  22.  create mode 100644 Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst
  23. 

  24. --- a/Lib/email/_header_value_parser.py

  25. +++ b/Lib/email/_header_value_parser.py

  26. @@ -2387,6 +2387,9 @@ def get_parameter(value):

  27.          while value:
  28.              if value[0] in WSP:
  29.                  token, value = get_fws(value)
  30. +            elif value[0] == '"':

  31. +                token = ValueTerminal('"', 'DQUOTE')

  32. +                value = value[1:]

  33.              else:
  34.                  token, value = get_qcontent(value)
  35.              v.append(token)
  36. --- a/Lib/test/test_email/test__header_value_parser.py

  37. +++ b/Lib/test/test_email/test__header_value_parser.py

  38. @@ -2621,6 +2621,13 @@ class Test_parse_mime_parameters(TestPar

  39.              # Defects are apparent missing *0*, and two 'out of sequence'.
  40.              [errors.InvalidHeaderDefect]*3),
  41.  
  42. +        # bpo-37461: Check that we don't go into an infinite loop.

  43. +        'extra_dquote': (

  44. +            'r*="\'a\'\\"',

  45. +            ' r="\\""',

  46. +            'r*=\'a\'"',

  47. +            [('r', '"')],

  48. +            [errors.InvalidHeaderDefect]*2),

  49.      }
  50.  
  51.  @parameterize
  52. --- /dev/null

  53. +++ b/Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst

  54. @@ -0,0 +1,2 @@

  55. +Fix an inifite loop when parsing specially crafted email headers. Patch by

  56. +Abhilash Raj.