blob: af89fb14808c025eba5abe302445c0bb2008a78f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 Mon Sep 17 00:00:00 2001
From: Ran Benita <ran@unusedvar.com>
Date: Fri, 4 Sep 2020 13:57:26 +0300
Subject: [PATCH] svnwc: fix regular expression vulnerable to DoS in blame
functionality
The subpattern `\d+\s*\S+` is ambiguous which makes the pattern subject
to catastrophic backtracing given a string like `"1" * 5000`.
SVN blame output seems to always have at least one space between the
revision number and the user name, so the ambiguity can be fixed by
changing the `*` to `+`.
Fixes #256.
---
py/_path/svnwc.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/py/_path/svnwc.py b/py/_path/svnwc.py
index 3138dd85..b5b9d8d5 100644
--- a/py/_path/svnwc.py
+++ b/py/_path/svnwc.py
@@ -396,7 +396,7 @@ def makecmdoptions(self):
def __str__(self):
return "<SvnAuth username=%s ...>" %(self.username,)
-rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)')
+rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)')
class SvnWCCommandPath(common.PathBase):
""" path implementation offering access/modification to svn working copies.
|