From 88f02bc335d5404991e532e7f3b0fc80437bf4e0 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Alex=20Gr=C3=B6nholm?= <alex.gronholm@nextday.fi>
|
|
Date: Thu, 20 Oct 2022 17:13:23 +0300
|
|
Subject: [PATCH] Fixed potential DoS attack via WHEEL_INFO_RE
|
|
|
|
Refer: https://github.com/pypa/wheel/issues/498
|
|
|
|
---
|
|
src/wheel/wheelfile.py | 4 ++--
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/wheel/wheelfile.py b/src/wheel/wheelfile.py
|
|
index a0c9d2a5..b985774e 100644
|
|
--- a/src/wheel/wheelfile.py
|
|
+++ b/src/wheel/wheelfile.py
|
|
@@ -16,8 +16,8 @@
|
|
# Non-greedy matching of an optional build number may be too clever (more
|
|
# invalid wheel filenames will match). Separate regex for .dist-info?
|
|
WHEEL_INFO_RE = re.compile(
|
|
- r"""^(?P<namever>(?P<name>.+?)-(?P<ver>.+?))(-(?P<build>\d[^-]*))?
|
|
- -(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)\.whl$""",
|
|
+ r"""^(?P<namever>(?P<name>[^-]+?)-(?P<ver>[^-]+?))(-(?P<build>\d[^-]*))?
|
|
+ -(?P<pyver>[^-]+?)-(?P<abi>[^-]+?)-(?P<plat>[^.]+?)\.whl$""",
|
|
re.VERBOSE)
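Review bot: The `plat` group on the second added pattern line uses `[^.]+?`, which rejects any platform tag containing a dot. A wheel whose filename carries a compressed platform tag set (constructed example: `pkg-1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl`) therefore no longer matches WHEEL_INFO_RE, although the old pattern accepted it. The fields of a wheel filename are separated by `-`, so excluding `-` should bound the backtracking equally well without excluding `.`: `-(?P<pyver>[^-]+?)-(?P<abi>[^-]+?)-(?P<plat>[^-]+?)\.whl$""",`. A regression test that parses a multi-platform-tag filename, alongside a time-bounded test for the input from the referenced issue, would pin both the compatibility and the DoS fix.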
|
|
|