Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django/CVE-2024-41990.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-django/CVE-2024-41990.patch | 69 |
1 files changed, 69 insertions, 0 deletions
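--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41990.patch
@@ -0,0 +1,69 @@
+From d0a82e26a74940bf0c78204933c3bdd6a283eb88 Mon Sep 17 00:00:00 2001
+From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
+Date: Thu, 18 Jul 2024 13:19:34 +0200
+Subject: [PATCH] [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in
+ urlize and urlizetrunc template filters.
+
+Thanks to MProgrammer for the report.
+
+CVE: CVE-2024-41990
+
+Upstream-Status: Backport [https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ django/utils/html.py           | 18 ++++++++----------
+ tests/utils_tests/test_html.py |  2 ++
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/django/utils/html.py b/django/utils/html.py
+index f1b74ab..84e157d 100644
+--- a/django/utils/html.py
++++ b/django/utils/html.py
+@@ -315,7 +315,11 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
+                         trimmed_something = True
+                         counts[closing] -= strip
+ 
+-            rstripped = middle.rstrip(trailing_punctuation_chars_no_semicolon())
++            amp = middle.rfind("&")
++            if amp == -1:
++                rstripped = middle.rstrip(TRAILING_PUNCTUATION_CHARS)
++            else:
++                rstripped = middle.rstrip(trailing_punctuation_chars_no_semicolon())
+             if rstripped != middle:
+                 trail = middle[len(rstripped) :] + trail
+                 middle = rstripped
+@@ -323,15 +327,9 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
+ 
+             if trailing_punctuation_chars_has_semicolon() and middle.endswith(";"):
+                 # Only strip if not part of an HTML entity.
+-                amp = middle.rfind("&")
+-                if amp == -1:
+-                    can_strip = True
+-                else:
+-                    potential_entity = middle[amp:]
+-                    escaped = unescape(potential_entity)
+-                    can_strip = (escaped == potential_entity) or escaped.endswith(";")
+-
+-                if can_strip:
++                potential_entity = middle[amp:]
++                escaped = unescape(potential_entity)
++                if escaped == potential_entity or escaped.endswith(";"):
+                     rstripped = middle.rstrip(";")
+                     amount_stripped = len(middle) - len(rstripped)
+                     if amp > -1 and amount_stripped > 1:
+diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
+index 715c1c6..5abab8d 100644
+--- a/tests/utils_tests/test_html.py
++++ b/tests/utils_tests/test_html.py
+@@ -274,6 +274,8 @@ class TestUtilsHtml(SimpleTestCase):
+             "[(" * 100_000 + ":" + ")]" * 100_000,
+             "([[" * 100_000 + ":" + "]])" * 100_000,
+             "&:" + ";" * 100_000,
++            "&.;" * 100_000,
++            ".;" * 100_000,
+         )
+         for value in tests:
+             with self.subTest(value=value):
+-- 
+2.40.0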
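Review bot: The backport only takes effect once this file is listed in the python3-django recipe's SRC_URI, and the diffstat shown here is limited to the patch file, so that recipe change cannot be confirmed from this view; the `[4.2.x]` subject and the `index f1b74ab..84e157d` context also tie the patch to the Django 4.2 series, so it should be paired with a 4.2.x recipe rather than another series. One subtlety worth a one-line comment if the patch is ever refreshed: `amp = middle.rfind("&")` is now computed before `middle` is right-stripped, and the later `potential_entity = middle[amp:]` reuses that index, which stays valid only provided `TRAILING_PUNCTUATION_CHARS` never contains `&` so that the stripped tail lies after the last ampersand. The enclosing `trim_punctuation` helper and `urlize` itself both start and end outside the shown hunks.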
