Overview

File CVE-2024-41990.patch of Package python-Django.35187

From 729d7934e34ff91f262f3e7089e32cab701b09ca Mon Sep 17 00:00:00 2001
From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Date: Thu, 18 Jul 2024 13:19:34 +0200
Subject: [PATCH 2/4] [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS
 in urlize and urlizetrunc template filters.

Thanks to MProgrammer for the report.
---
 django/utils/html.py           | 18 ++++++++----------
 tests/utils_tests/test_html.py |  2 ++
 3 files changed, 17 insertions(+), 10 deletions(-)

Index: Django-2.0.7/django/utils/html.py
===================================================================
--- Django-2.0.7.orig/django/utils/html.py
+++ Django-2.0.7/django/utils/html.py
@@ -314,7 +314,11 @@ def urlize(text, trim_url_limit=None, no
                         trimmed_something = True
                         counts[closing] -= strip
 
-            rstripped = middle.rstrip(trailing_punctuation_chars_no_semicolon())
+            amp = middle.rfind("&")
+            if amp == -1:
+                rstripped = middle.rstrip(TRAILING_PUNCTUATION_CHARS)
+            else:
+                rstripped = middle.rstrip(trailing_punctuation_chars_no_semicolon())
             if rstripped != middle:
                 trail = middle[len(rstripped) :] + trail
                 middle = rstripped
@@ -322,15 +326,9 @@ def urlize(text, trim_url_limit=None, no
 
             if trailing_punctuation_chars_has_semicolon() and middle.endswith(";"):
                 # Only strip if not part of an HTML entity.
-                amp = middle.rfind("&")
-                if amp == -1:
-                    can_strip = True
-                else:
-                    potential_entity = middle[amp:]
-                    escaped = html.unescape(potential_entity)
-                    can_strip = (escaped == potential_entity) or escaped.endswith(";")
-
-                if can_strip:
+                potential_entity = middle[amp:]
+                escaped = html.unescape(potential_entity)
+                if escaped == potential_entity or escaped.endswith(";"):
                     rstripped = middle.rstrip(";")
                     amount_stripped = len(middle) - len(rstripped)
                     if amp > -1 and amount_stripped > 1:
Index: Django-2.0.7/tests/utils_tests/test_html.py
===================================================================
--- Django-2.0.7.orig/tests/utils_tests/test_html.py
+++ Django-2.0.7/tests/utils_tests/test_html.py
@@ -233,6 +233,8 @@ class TestUtilsHtml(SimpleTestCase):
             "[(" * 100_000 + ":" + ")]" * 100_000,
             "([[" * 100_000 + ":" + "]])" * 100_000,
             "&:" + ";" * 100_000,
+            "&.;" * 100_000,
+            ".;" * 100_000,
         )
         for value in tests:
             with self.subTest(value=value):
openSUSE Build Service is sponsored by
Places