!15 [sync] PR-13: Fix CVE-2020-29651

From: @openeuler-sync-bot Reviewed-by: @small_leek Signed-off-by: @small_leek
2022-02-24 01:34:32 +00:00 · 2022-02-24 01:34:32 +00:00 · 4328795010
commit 4328795010
parent 978fd8c3be 3da5bcab72
2 changed files with 37 additions and 2 deletions
--- a/CVE-2020-29651.patch
+++ b/CVE-2020-29651.patch
@ -0,0 +1,31 @@
+From 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 Mon Sep 17 00:00:00 2001
+From: Ran Benita <ran@unusedvar.com>
+Date: Fri, 4 Sep 2020 13:57:26 +0300
+Subject: [PATCH] svnwc: fix regular expression vulnerable to DoS in blame
+ functionality
+
+The subpattern `\d+\s*\S+` is ambiguous which makes the pattern subject
+to catastrophic backtracing given a string like `"1" * 5000`.
+
+SVN blame output seems to always have at least one space between the
+revision number and the user name, so the ambiguity can be fixed by
+changing the `*` to `+`.
+
+Fixes #256.
+---
+ py/_path/svnwc.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/py-1.5.4/py/_path/svnwc.py b/py-1.5.4/py/_path/svnwc.py
+index 3138dd85..b5b9d8d5 100644
+--- a/py-1.5.4/py/_path/svnwc.py
+++ b/py-1.5.4/py/_path/svnwc.py
+@@ -396,7 +396,7 @@ def makecmdoptions(self):
+     def __str__(self):
+         return "<SvnAuth username=%s ...>" %(self.username,)
+ 
+-rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)')
+rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)')
+ 
+ class SvnWCCommandPath(common.PathBase):
+     """ path implementation offering access/modification to svn working copies.
--- a/python-py.spec
+++ b/python-py.spec
@ -8,11 +8,12 @@

 Name:           python-%{modname}
 Version:        1.5.4
-Release:        4
+Release:        5
 Summary:        Library with cross-python path, ini-parsing, io, code, log facilities
 License:        MIT and Public Domain
 URL:            http://pylib.readthedocs.io/en/stable/
 Source:         https://files.pythonhosted.org/packages/source/p/%{modname}/%{modnameversion}.tar.gz
+Patch0:		CVE-2020-29651.patch
 BuildArch:      noarch

 %if %{with tests}
@ -70,7 +71,7 @@ Obsoletes:      platform-python-%{modname} < %{version}-%{release}
 %endif

 %prep
-%autosetup -c -n %{modnameversion}
+%autosetup -c -n %{modnameversion} -p1

 find %{modnameversion} \
   -type f -a \( -name '*.py' -o -name 'py.*' \) \
@ -133,5 +134,8 @@ popd
 %endif

 %changelog
+* Wed Feb 23 2020 houyingchao <houyingchao@huawei.com> - 1.5.4-5
+- Fix CVE-2020-29651
+
 * Tue Dec 10 2019 mengxian <mengxian@huawei.com> - 1.5.4-4
 - Package init