Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the problematic RE and for review. This is a security fix; disclosure to follow shortly.
This commit is contained in:
parent
014247ad19
commit
17d3a6d804
|
@ -73,7 +73,7 @@ class URLValidator(RegexValidator):
|
||||||
|
|
||||||
# Host patterns
|
# Host patterns
|
||||||
hostname_re = r'[a-z' + ul + r'0-9](?:[a-z' + ul + r'0-9-]*[a-z' + ul + r'0-9])?'
|
hostname_re = r'[a-z' + ul + r'0-9](?:[a-z' + ul + r'0-9-]*[a-z' + ul + r'0-9])?'
|
||||||
domain_re = r'(?:\.[a-z' + ul + r'0-9]+(?:[a-z' + ul + r'0-9-]*[a-z' + ul + r'0-9]+)*)*'
|
domain_re = r'(?:\.(?!-)[a-z' + ul + r'0-9-]*(?<!-))*'
|
||||||
tld_re = r'\.(?:[a-z' + ul + r']{2,}|xn--[a-z0-9]+)\.?'
|
tld_re = r'\.(?:[a-z' + ul + r']{2,}|xn--[a-z0-9]+)\.?'
|
||||||
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
|
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
|
||||||
|
|
||||||
|
|
|
@ -60,6 +60,13 @@ The undocumented, internally unused ``validate_integer()`` function is now
|
||||||
stricter as it validates using a regular expression instead of simply casting
|
stricter as it validates using a regular expression instead of simply casting
|
||||||
the value using ``int()`` and checking if an exception was raised.
|
the value using ``int()`` and checking if an exception was raised.
|
||||||
|
|
||||||
|
Denial-of-service possibility in URL validation
|
||||||
|
===============================================
|
||||||
|
|
||||||
|
:class:`~django.core.validators.URLValidator` included a regular expression
|
||||||
|
that was extremely slow to evaluate against certain invalid inputs. This regular
|
||||||
|
expression has been simplified and optimized.
|
||||||
|
|
||||||
Bugfixes
|
Bugfixes
|
||||||
========
|
========
|
||||||
|
|
||||||
|
|
|
@ -35,6 +35,8 @@ http://foo.bar/foo(bar)baz quux
|
||||||
http://-error-.invalid/
|
http://-error-.invalid/
|
||||||
http://-a.b.co
|
http://-a.b.co
|
||||||
http://a.b-.co
|
http://a.b-.co
|
||||||
|
http://a.-b.co
|
||||||
|
http://a.b-.c.co
|
||||||
http:/
|
http:/
|
||||||
http://
|
http://
|
||||||
http://
|
http://
|
||||||
|
|
|
@ -188,6 +188,9 @@ TEST_DATA = [
|
||||||
# Trailing newlines not accepted
|
# Trailing newlines not accepted
|
||||||
(URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
|
(URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
|
||||||
(URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),
|
(URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),
|
||||||
|
# Trailing junk does not take forever to reject
|
||||||
|
(URLValidator(), 'http://www.asdasdasdasdsadfm.com.br ', ValidationError),
|
||||||
|
(URLValidator(), 'http://www.asdasdasdasdsadfm.com.br z', ValidationError),
|
||||||
|
|
||||||
(BaseValidator(True), True, None),
|
(BaseValidator(True), True, None),
|
||||||
(BaseValidator(True), False, ValidationError),
|
(BaseValidator(True), False, ValidationError),
|
||||||
|
|
|
@ -7,6 +7,7 @@ http://www.example.com/
|
||||||
http://www.example.com:8000/test
|
http://www.example.com:8000/test
|
||||||
http://valid-with-hyphens.com/
|
http://valid-with-hyphens.com/
|
||||||
http://subdomain.example.com/
|
http://subdomain.example.com/
|
||||||
|
http://a.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||||
http://200.8.9.10/
|
http://200.8.9.10/
|
||||||
http://200.8.9.10:8000/test
|
http://200.8.9.10:8000/test
|
||||||
http://su--b.valid-----hyphens.com/
|
http://su--b.valid-----hyphens.com/
|
||||||
|
|
Loading…
Reference in New Issue