RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/python/cpython/commit/82ca2839c9ec6bf9a9400e791a52411824df67f3 below:

Fix quadratic time idna decoding. (GH-99092) (GH-9922… · python/cpython@82ca283 · GitHub

File tree Expand file treeCollapse file tree 3 files changed

+27

-17

lines changed

Filter options

Misc/NEWS.d/next/Security

Expand file treeCollapse file tree 3 files changed

+27

-17

lines changed Original file line number Diff line number Diff line change


 @@ -39,23 +39,21 @@ def nameprep(label):

39 39 40 40


 # Check bidi

41 41


 RandAL = [stringprep.in_table_d1(x) for x in label]

42

-
 for c in RandAL:

43

-
 if c:

44

-
 # There is a RandAL char in the string. Must perform further

45

-
 # tests:

46

-
 # 1) The characters in section 5.8 MUST be prohibited.

47

-
 # This is table C.8, which was already checked

48

-
 # 2) If a string contains any RandALCat character, the string

49

-
 # MUST NOT contain any LCat character.

50

-
 if any(stringprep.in_table_d2(x) for x in label):

51

-
 raise UnicodeError("Violation of BIDI requirement 2")

52 - 53

-
 # 3) If a string contains any RandALCat character, a

54

-
 # RandALCat character MUST be the first character of the

55

-
 # string, and a RandALCat character MUST be the last

56

-
 # character of the string.

57

-
 if not RandAL[0] or not RandAL[-1]:

58

-
 raise UnicodeError("Violation of BIDI requirement 3")

42

+
 if any(RandAL):

43

+
 # There is a RandAL char in the string. Must perform further

44

+
 # tests:

45

+
 # 1) The characters in section 5.8 MUST be prohibited.

46

+
 # This is table C.8, which was already checked

47

+
 # 2) If a string contains any RandALCat character, the string

48

+
 # MUST NOT contain any LCat character.

49

+
 if any(stringprep.in_table_d2(x) for x in label):

50

+
 raise UnicodeError("Violation of BIDI requirement 2")

51

+
 # 3) If a string contains any RandALCat character, a

52

+
 # RandALCat character MUST be the first character of the

53

+
 # string, and a RandALCat character MUST be the last

54

+
 # character of the string.

55

+
 if not RandAL[0] or not RandAL[-1]:

56

+
 raise UnicodeError("Violation of BIDI requirement 3")

59 57 60 58


 return label

61 59 Original file line number Diff line number Diff line change


 @@ -1532,6 +1532,12 @@ def test_builtin_encode(self):

1532 1532


 self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org")

1533 1533


 self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.")

1534 1534 1535

+
 def test_builtin_decode_length_limit(self):

1536

+
 with self.assertRaisesRegex(UnicodeError, "too long"):

1537

+
 (b"xn--016c"+b"a"*1100).decode("idna")

1538

+
 with self.assertRaisesRegex(UnicodeError, "too long"):

1539

+
 (b"xn--016c"+b"a"*70).decode("idna")

1540 + 1535 1541


 def test_stream(self):

1536 1542


 r = codecs.getreader("idna")(io.BytesIO(b"abc"))

1537 1543


 r.read(3)

Original file line number Diff line number Diff line change


 @@ -0,0 +1,6 @@

1

+
 The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio`

2

+
 related name resolution functions no longer involves a quadratic algorithm.

3

+
 This prevents a potential CPU denial of service if an out-of-spec excessive

4

+
 length hostname involving bidirectional characters were decoded. Some protocols

5

+
 such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker

6

+
 to supply such a name.

You can’t perform that action at this time.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4