
[2.1.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in … · django/django@5d50a2e · GitHub


Expand file treeCollapse file tree 4 files changed

+42

-9

lines changed Original file line number Diff line number Diff line change

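--- a/django/utils/encoding.py
+++ b/django/utils/encoding.py
@@ -228,13 +228,16 @@ def repercent_broken_unicode(path):
     repercent-encode any octet produced that is not part of a strictly legal
     UTF-8 octet sequence.
     """
-    try:
-        path.decode()
-    except UnicodeDecodeError as e:
-        repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
-        path = repercent_broken_unicode(
-            path[:e.start] + force_bytes(repercent) + path[e.end:])
-    return path
+    while True:
+        try:
+            path.decode()
+        except UnicodeDecodeError as e:
+            # CVE-2019-14235: A recursion shouldn't be used since the exception
+            # handling uses massive amounts of memory
+            repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
+            path = path[:e.start] + force_bytes(repercent) + path[e.end:]
+        else:
+            return path
 
 
 def filepath_to_uri(path):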
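Review bot: The new loop at lines 231–240 restarts `path.decode()` on the whole buffer after every repair, so with many invalid octets each iteration rescans the already-repaired prefix and the `path[:e.start] + ... + path[e.end:]` concatenation re-copies the entire string; the recursion (and its per-frame memory) is gone, but total work still grows quadratically with the number of bad octets in attacker-supplied input. Collecting repaired chunks in a list and decoding only the remaining tail bounds each decode attempt by the distance to the next invalid octet, with a single `b''.join` at the end; the tail slice still copies, but the repaired prefix is never touched again. The signature, docstring and return value stay identical; the function's header is above the hunk.
```python
    # CVE-2019-14235: A recursion shouldn't be used since the exception
    # handling uses massive amounts of memory
    changed_parts = []
    while True:
        try:
            path.decode()
        except UnicodeDecodeError as e:
            repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
            # Set the repaired prefix aside so only the tail is decoded again.
            changed_parts.append(path[:e.start] + force_bytes(repercent))
            path = path[e.end:]
        else:
            return b''.join(changed_parts) + path
```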


@@ -45,3 +45,13 @@ CVE-2019-14234: SQL injection possibility in key and index lookups for ``JSONFie

45 45

<hstorefield.key>` for :class:`~django.contrib.postgres.fields.HStoreField`

46 46

were subject to SQL injection, using a suitably crafted dictionary, with

47 47

dictionary expansion, as the ``**kwargs`` passed to ``QuerySet.filter()``.

48 + 49 +

CVE-2019-14235: Potential memory exhaustion in ``django.utils.encoding.uri_to_iri()``

50 +

=====================================================================================

51 + 52 +

If passed certain inputs, :func:`django.utils.encoding.uri_to_iri` could lead

53 +

to significant memory usage due to excessive recursion when re-percent-encoding

54 +

invalid UTF-8 octet sequences.

55 + 56 +

``uri_to_iri()`` now avoids recursion when re-percent-encoding invalid UTF-8

57 +

octet sequences.


@@ -45,3 +45,13 @@ CVE-2019-14234: SQL injection possibility in key and index lookups for ``JSONFie

45 45

<hstorefield.key>` for :class:`~django.contrib.postgres.fields.HStoreField`

46 46

were subject to SQL injection, using a suitably crafted dictionary, with

47 47

dictionary expansion, as the ``**kwargs`` passed to ``QuerySet.filter()``.

48 + 49 +

CVE-2019-14235: Potential memory exhaustion in ``django.utils.encoding.uri_to_iri()``

50 +

=====================================================================================

51 + 52 +

If passed certain inputs, :func:`django.utils.encoding.uri_to_iri` could lead

53 +

to significant memory usage due to excessive recursion when re-percent-encoding

54 +

invalid UTF-8 octet sequences.

55 + 56 +

``uri_to_iri()`` now avoids recursion when re-percent-encoding invalid UTF-8

57 +

octet sequences.


@@ -1,13 +1,14 @@

1 1

import datetime

2 +

import sys

2 3

import unittest

3 4

from unittest import mock

4 5

from urllib.parse import quote_plus

5 6 6 7

from django.test import SimpleTestCase

7 8

from django.utils.encoding import (

8 9

DjangoUnicodeDecodeError, escape_uri_path, filepath_to_uri, force_bytes,

9 -

force_text, get_system_encoding, iri_to_uri, smart_bytes, smart_text,

10 -

uri_to_iri,

10 +

force_text, get_system_encoding, iri_to_uri, repercent_broken_unicode,

11 +

smart_bytes, smart_text, uri_to_iri,

11 12

)

12 13

from django.utils.functional import SimpleLazyObject

13 14

from django.utils.translation import gettext_lazy

@@ -86,6 +87,15 @@ def test_get_default_encoding(self):

86 87

with mock.patch('locale.getdefaultlocale', side_effect=Exception):

87 88

self.assertEqual(get_system_encoding(), 'ascii')

88 89 90 +

def test_repercent_broken_unicode_recursion_error(self):

91 +

# Prepare a string long enough to force a recursion error if the tested

92 +

# function uses recursion.

93 +

data = b'\xfc' * sys.getrecursionlimit()

94 +

try:

95 +

self.assertEqual(repercent_broken_unicode(data), b'%FC' * sys.getrecursionlimit())

96 +

except RecursionError:

97 +

self.fail('Unexpected RecursionError raised.')

98 + 89 99 90 100

class TestRFC3987IEncodingUtils(unittest.TestCase):

91 101
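Review bot: The regression test at lines 90–97 only feeds a run of identical invalid lead bytes, so it never exercises the `e.start`/`e.end` slicing of the new loop when invalid octets sit between valid multi-byte sequences, which is where an off-by-one in the splice would surface. A second assertion with mixed input pins that path, e.g. `self.assertEqual(repercent_broken_unicode(b'\xe2\x82\xac\xfcabc\xfc'), b'\xe2\x82\xac%FCabc%FC')`. The `try`/`except RecursionError` wrapper is a matter of taste: an uncaught RecursionError already errors the test, the wrapper merely reports it as a failure with the given message.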


