mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed catastrophic backtracking in URLValidator.

Browse Source 
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
This commit is contained in:
Shai Berger
2015-06-30 01:09:21 +03:00
committed by Tim Graham
parent 014247ad19
commit 17d3a6d804
5 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/validators/tests.py
View File

@@ -188,6 +188,9 @@ TEST_DATA = [
# Trailing newlines not accepted
(URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
(URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),
# Trailing junk does not take forever to reject
(URLValidator(), 'http://www.asdasdasdasdsadfm.com.br ', ValidationError),
(URLValidator(), 'http://www.asdasdasdasdsadfm.com.br z', ValidationError),
(BaseValidator(True), True, None),
(BaseValidator(True), False, ValidationError),