meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

From 76dd27ec0dbde6c852f412390ac4e2cfefa8af76 Mon Sep 17 00:00:00 2001
From: cdcadman <mythirty@gmail.com>
Date: Wed, 17 May 2023 03:57:08 -0700
Subject: [PATCH] Address CVE-2023-26112 ReDoS

CVE: CVE-2023-26112
Upstream-Status: Backport [https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 validate.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/validate.py b/validate.py
index b7a964c..af76898 100644
--- a/validate.py
+++ b/validate.py
@@ -542,7 +542,7 @@ class Validator(object):
     """
 
     # this regex does the initial parsing of the checks
-    _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL)
+    _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL)
 
     # this regex takes apart keyword arguments
     _key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$',  re.DOTALL)