author | Victor Stinner <vstinner@python.org> | 2020-04-03 01:15:56 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-03 01:15:56 (GMT) |
commit | 69cdeeb93e0830004a495ed854022425b93b3f3e (patch) | |
tree | 7d7febe9471509c5f32930060ff38e8bebdaef1c /Lib/test/pydocfodder.py | |
parent | ebeabb5b728f009480ced3ca4738c20fa073b507 (diff) | |

bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)

The AbstractBasicAuthHandler class of the urllib.request module uses
an inefficient regular expression which can be exploited by an
attacker to cause a denial of service. Fix the regex to prevent the
catastrophic backtracking. Vulnerability reported by Ben Caller
and Matt Schwager.

AbstractBasicAuthHandler of urllib.request now parses all
WWW-Authenticate HTTP headers and accepts multiple challenges per
header: use the realm of the first Basic challenge.

Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>

(cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)

Diffstat (limited to 'Lib/test/pydocfodder.py')
0 files changed, 0 insertions, 0 deletions
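
The header handling the commit message describes (scan every WWW-Authenticate value, allow several challenges per value, take the realm of the first Basic one), written here as an added example that is not the code from this commit. The pattern, the `first_basic_realm` helper and the sample headers are assumptions constructed for illustration.

```python
import re

# Illustrative pattern (an assumption, not copied from the commit). A challenge
# may only begin at the start of the value or directly after a comma, and the
# scheme token cannot contain a comma, so every position has one way to match
# and the scan stays linear in the length of the header value.
CHALLENGE_RX = re.compile(
    r'(?:^|,)'              # start of the value, or the challenge separator
    r'[ \t]*([^ \t,]+)'     # optional whitespace, then the scheme ("Basic")
    r'[ \t]+'               # mandatory whitespace before the parameters
    r'realm=(["\']?)'       # realm= followed by an optional opening quote
    r'([^"\']*)\2',         # realm text, closed by the same quote (or none)
    re.I)


def first_basic_realm(www_authenticate_values):
    """Return the realm of the first Basic challenge, or None if there is none.

    `www_authenticate_values` holds the value of every WWW-Authenticate header
    in the response, in the order received, not only the first header.
    """
    for value in www_authenticate_values:
        for match in CHALLENGE_RX.finditer(value):
            scheme, _quote, realm = match.groups()
            if scheme.lower() == "basic":
                return realm
    return None


# Constructed sample: two header lines, the second carrying three challenges.
SAMPLE_HEADERS = [
    'Negotiate',
    'Digest realm="d", nonce="abc", Basic realm="ops", Basic realm="second"',
]

if __name__ == "__main__":
    print(first_basic_realm(SAMPLE_HEADERS))
```
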