mirror of https://github.com/django/django.git synced 2025-10-29 00:26:07 +00:00

[1.8.x] Fixed catastrophic backtracking in URLValidator.

Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
Shai Berger
2015-06-30 01:09:21 +03:00
committed by Tim Graham
parent 574dd5e0b0
commit 8f9a4d3a2b
5 changed files with 14 additions and 1 deletions


@@ -73,7 +73,7 @@ class URLValidator(RegexValidator):
# Host patterns
hostname_re = r'[a-z' + ul + r'0-9](?:[a-z' + ul + r'0-9-]*[a-z' + ul + r'0-9])?'
domain_re = r'(?:\.[a-z' + ul + r'0-9]+(?:[a-z' + ul + r'0-9-]*[a-z' + ul + r'0-9]+)*)*'
domain_re = r'(?:\.(?!-)[a-z' + ul + r'0-9-]*(?<!-))*'
tld_re = r'\.(?:[a-z' + ul + r']{2,}|xn--[a-z0-9]+)\.?'
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
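Review bot: The rewritten `domain_re` quantifies the label body with `*`, so a label may now be empty and a host with consecutive dots (constructed sample: `a..example.com`) gets through this part of the pattern, which the previous expression rejected because it required `[a-z0-9]+` after each dot. Keeping the lookarounds but requiring at least one character restores that, e.g. `domain_re = r'(?:\.(?!-)[a-z' + ul + r'0-9-]+(?<!-))*'`, or `{1,63}` in place of `+` if the DNS label length limit should be enforced here too. Either form stays linear, since the character class cannot match `.` and each label therefore has only one way to match. A short comment above the line, such as `# Lookarounds instead of nested quantifiers: avoids catastrophic backtracking on long hyphen/alnum runs`, would stop a later edit from reintroducing the nested form. The class body continues outside the hunk, so how `host_re` is compiled and anchored is not visible here.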