From 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 Mon Sep 17 00:00:00 2001 From: Ran Benita Date: Fri, 4 Sep 2020 13:57:26 +0300 Subject: [PATCH] svnwc: fix regular expression vulnerable to DoS in blame functionality The subpattern `\d+\s*\S+` is ambiguous which makes the pattern subject to catastrophic backtracing given a string like `"1" * 5000`. SVN blame output seems to always have at least one space between the revision number and the user name, so the ambiguity can be fixed by changing the `*` to `+`. Fixes #256. --- py/_path/svnwc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py/_path/svnwc.py b/py/_path/svnwc.py index 3138dd85..b5b9d8d5 100644 --- a/py/_path/svnwc.py +++ b/py/_path/svnwc.py @@ -396,7 +396,7 @@ def makecmdoptions(self): def __str__(self): return "" %(self.username,) -rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)') +rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)') class SvnWCCommandPath(common.PathBase): """ path implementation offering access/modification to svn working copies.