From 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 Mon Sep 17 00:00:00 2001
From: Ran Benita <ran@unusedvar.com>
Date: Fri, 4 Sep 2020 13:57:26 +0300
Subject: [PATCH] svnwc: fix regular expression vulnerable to DoS in blame
functionality
The subpattern `\d+\s*\S+` is ambiguous which makes the pattern subject
to catastrophic backtracking given a string like `"1" * 5000`.
SVN blame output seems to always have at least one space between the
revision number and the user name, so the ambiguity can be fixed by
changing the `*` to `+`.
Fixes #256.
---
py/_path/svnwc.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/py-1.5.4/py/_path/svnwc.py b/py-1.5.4/py/_path/svnwc.py
index 3138dd85..b5b9d8d5 100644
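--- a/py-1.5.4/py/_path/svnwc.py
+++ b/py-1.5.4/py/_path/svnwc.py
@@ -396,7 +396,7 @@ def makecmdoptions(self):
 def __str__(self):
 return "<SvnAuth username=%s ...>" %(self.username,)
 
-rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)')
+rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)')
 
 class SvnWCCommandPath(common.PathBase):
 """ path implementation offering access/modification to svn working copies.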
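Review bot: The tightened `rex_blame` pattern carries no comment or regression test recording why the separator has to be `\s+`, and the diffstat shows only svnwc.py changing, so a later edit could relax it back to `\s*` and bring back the backtracking the commit describes. I would add `# \s+ (not \s*) keeps \d+ and \S+ from overlapping; see #256` above the assignment, plus a test that passes the `"1" * 5000` string from the description to `rex_blame.match` and asserts it returns `None` promptly. The new pattern also stops matching any blame line that has no whitespace between the revision and the author; the commit message only says SVN output "seems to" always include it. The code that consumes the match is outside this hunk, so it is worth confirming that a non-matching line fails with a clear error there rather than being skipped silently.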