Overview

File CVE-2023-26112.patch of Package python-configobj.29759

From a82ea8fb0338f2bd46cf627c4b763094448e6bd7 Mon Sep 17 00:00:00 2001
From: cdcadman <mythirty@gmail.com>
Date: Wed, 17 May 2023 03:57:08 -0700
Subject: [PATCH] Address CVE-2023-26112 ReDoS

---
 src/configobj/validate.py         |  2 +-
 src/tests/test_validate_errors.py | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/validate.py b/validate.py
index 9267a3f..98d879f 100644
--- a/validate.py
+++ b/validate.py
@@ -541,7 +541,7 @@ class Validator(object):
     """
 
     # this regex does the initial parsing of the checks
-    _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL)
+    _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL)
 
     # this regex takes apart keyword arguments
     _key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$',  re.DOTALL)
openSUSE Build Service is sponsored by
Places