Fix CVE-2023-41164
(cherry picked from commit c34a71464680fbe0f68de6ed4ad7161988ca0429)
This commit is contained in:
wk333
openeuler-sync-bot
parent
acefaee95e
commit
9ab478fe33
83
CVE-2023-41164.patch
Normal file
83
CVE-2023-41164.patch
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
From 6f030b1149bd8fa4ba90452e77cb3edc095ce54e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
||||||
|
Date: Tue, 22 Aug 2023 08:53:03 +0200
|
||||||
|
Subject: [PATCH] [3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in
|
||||||
|
django.utils.encoding.uri_to_iri().
|
||||||
|
|
||||||
|
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
|
||||||
|
|
||||||
|
Origin: https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
|
||||||
|
|
||||||
|
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
|
||||||
|
---
|
||||||
|
django/utils/encoding.py | 6 ++++--
|
||||||
|
docs/releases/3.2.21.txt | 7 ++++++-
|
||||||
|
tests/utils_tests/test_encoding.py | 21 ++++++++++++++++++++-
|
||||||
|
3 files changed, 30 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/django/utils/encoding.py b/django/utils/encoding.py
|
||||||
|
index e1ebacef4705..c5c4463b1c22 100644
|
||||||
|
--- a/django/utils/encoding.py
|
||||||
|
+++ b/django/utils/encoding.py
|
||||||
|
@@ -229,6 +229,7 @@ def repercent_broken_unicode(path):
|
||||||
|
repercent-encode any octet produced that is not part of a strictly legal
|
||||||
|
UTF-8 octet sequence.
|
||||||
|
"""
|
||||||
|
+ changed_parts = []
|
||||||
|
while True:
|
||||||
|
try:
|
||||||
|
path.decode()
|
||||||
|
@@ -236,9 +237,10 @@ def repercent_broken_unicode(path):
|
||||||
|
# CVE-2019-14235: A recursion shouldn't be used since the exception
|
||||||
|
# handling uses massive amounts of memory
|
||||||
|
repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
|
||||||
|
- path = path[:e.start] + repercent.encode() + path[e.end:]
|
||||||
|
+ changed_parts.append(path[:e.start] + repercent.encode())
|
||||||
|
+ path = path[e.end:]
|
||||||
|
else:
|
||||||
|
- return path
|
||||||
|
+ return b"".join(changed_parts) + path
|
||||||
|
|
||||||
|
|
||||||
|
def filepath_to_uri(path):
|
||||||
|
diff --git a/tests/utils_tests/test_encoding.py b/tests/utils_tests/test_encoding.py
|
||||||
|
index 36f2d8665f3c..42779050cb3a 100644
|
||||||
|
--- a/tests/utils_tests/test_encoding.py
|
||||||
|
+++ b/tests/utils_tests/test_encoding.py
|
||||||
|
@@ -1,9 +1,10 @@
|
||||||
|
import datetime
|
||||||
|
+import inspect
|
||||||
|
import sys
|
||||||
|
import unittest
|
||||||
|
from pathlib import Path
|
||||||
|
from unittest import mock
|
||||||
|
-from urllib.parse import quote_plus
|
||||||
|
+from urllib.parse import quote, quote_plus
|
||||||
|
|
||||||
|
from django.test import SimpleTestCase
|
||||||
|
from django.utils.encoding import (
|
||||||
|
@@ -101,6 +102,24 @@ def test_repercent_broken_unicode_recursion_error(self):
|
||||||
|
except RecursionError:
|
||||||
|
self.fail('Unexpected RecursionError raised.')
|
||||||
|
|
||||||
|
+ def test_repercent_broken_unicode_small_fragments(self):
|
||||||
|
+ data = b"test\xfctest\xfctest\xfc"
|
||||||
|
+ decoded_paths = []
|
||||||
|
+
|
||||||
|
+ def mock_quote(*args, **kwargs):
|
||||||
|
+ # The second frame is the call to repercent_broken_unicode().
|
||||||
|
+ decoded_paths.append(inspect.currentframe().f_back.f_locals["path"])
|
||||||
|
+ return quote(*args, **kwargs)
|
||||||
|
+
|
||||||
|
+ with mock.patch("django.utils.encoding.quote", mock_quote):
|
||||||
|
+ self.assertEqual(repercent_broken_unicode(data), b"test%FCtest%FCtest%FC")
|
||||||
|
+
|
||||||
|
+ # decode() is called on smaller fragment of the path each time.
|
||||||
|
+ self.assertEqual(
|
||||||
|
+ decoded_paths,
|
||||||
|
+ [b"test\xfctest\xfctest\xfc", b"test\xfctest\xfc", b"test\xfc"],
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
|
||||||
|
class TestRFC3987IEncodingUtils(unittest.TestCase):
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
%global _empty_manifest_terminate_build 0
|
%global _empty_manifest_terminate_build 0
|
||||||
Name: python-django
|
Name: python-django
|
||||||
Version: 3.2.12
|
Version: 3.2.12
|
||||||
Release: 5
|
Release: 6
|
||||||
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
|
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
|
||||||
License: Apache-2.0 and Python-2.0 and BSD-3-Clause
|
License: Apache-2.0 and Python-2.0 and BSD-3-Clause
|
||||||
URL: https://www.djangoproject.com/
|
URL: https://www.djangoproject.com/
|
||||||
@ -14,6 +14,7 @@ Patch2: CVE-2023-23969.patch
|
|||||||
Patch3: CVE-2023-24580.patch
|
Patch3: CVE-2023-24580.patch
|
||||||
Patch4: CVE-2023-31047.patch
|
Patch4: CVE-2023-31047.patch
|
||||||
Patch5: CVE-2023-36053.patch
|
Patch5: CVE-2023-36053.patch
|
||||||
|
Patch6: CVE-2023-41164.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
%description
|
%description
|
||||||
@ -80,6 +81,9 @@ mv %{buildroot}/doclist.lst .
|
|||||||
%{_docdir}/*
|
%{_docdir}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 14 2023 wangkai <13474090681@163.com> - 3.2.12-6
|
||||||
|
- Fix CVE-2023-41164
|
||||||
|
|
||||||
* Mon Jul 17 2023 yaoxin <yao_xin001@hoperun.com> - 3.2.12-5
|
* Mon Jul 17 2023 yaoxin <yao_xin001@hoperun.com> - 3.2.12-5
|
||||||
- Fix CVE-2023-36053
|
- Fix CVE-2023-36053
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user