File CVE-2024-3772.patch of Package python-pydantic.37215
From 3cc150ecbf86ac3509e1ca2904bf2c256c3fb558 Mon Sep 17 00:00:00 2001
From: Hasan Ramezani <hasan.r67@gmail.com>
Date: Wed, 27 Sep 2023 16:35:28 +0200
Subject: [PATCH 1/2] [Backport] Add max length check to `validate_email`
---
pydantic/networks.py | 8 ++++++++
tests/test_networks.py | 1 +
2 files changed, 9 insertions(+)
diff --git a/pydantic/networks.py b/pydantic/networks.py
index 2cd77d1f48..cfebe588e4 100644
--- a/pydantic/networks.py
+++ b/pydantic/networks.py
@@ -702,6 +702,10 @@ def validate(cls, value: NetworkType) -> Union[IPv4Network, IPv6Network]:
pretty_email_regex = re.compile(r'([\w ]*?) *<(.*)> *')
+MAX_EMAIL_LENGTH = 2048
+"""Maximum length for an email.
+A somewhat arbitrary but very generous number compared to what is allowed by most implementations.
+"""
def validate_email(value: Union[str]) -> Tuple[str, str]:
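Review bot: The docstring on `MAX_EMAIL_LENGTH` calls it the maximum length for an email, but the guard added in the next hunk compares it with `len(value)`, which is the whole input string including any display name and the angle brackets. It also does not say why the cap exists. I would word it as `"""Maximum length of the string passed to validate_email, display name included; bounds the input handed to pretty_email_regex."""`.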
@@ -714,6 +718,10 @@ def validate_email(value: Union[str]) -> Tuple[str, str]:
"""
if email_validator is None:
import_email_validator()
+
+ if len(value) > MAX_EMAIL_LENGTH:
+ raise errors.EmailError()
+
m = pretty_email_regex.fullmatch(value)
name: Union[str, None] = None
if m:
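Review bot: The new `len(value) > MAX_EMAIL_LENGTH` guard raises a bare `errors.EmailError()`, so a caller cannot tell an over-long input from a malformed address, and nothing at the guard says it has to stay ahead of `pretty_email_regex.fullmatch(value)`. That ordering looks like the point of the fix (the patch file name ties it to CVE-2024-3772), so a comment such as `# Keep this before the regex: it caps the input the pattern has to match against.` would stop a later refactor from moving it. The pattern itself is unchanged, so the cap bounds the matching cost rather than removing it; it would be worth measuring how long inputs just under 2048 characters take. validate_email continues past the end of this hunk.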
diff --git a/tests/test_networks.py b/tests/test_networks.py
index eb717f96d2..c31448bd97 100644
--- a/tests/test_networks.py
+++ b/tests/test_networks.py
@@ -789,6 +789,7 @@ def test_address_valid(value, name, email):
'\"@example.com',
',@example.com',
'foobar <foobar<@example.com>',
+ 'foobar <' + 'a' * 4096 + '@example.com>',
],
)
def test_address_invalid(value):
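Review bot: The added case `'foobar <' + 'a' * 4096 + '@example.com>'` probably does not prove that the new guard runs, because a 4096-character local part would presumably be rejected by email_validator anyway, so the test is likely to pass without the length check. A case that only the guard can reject would pin the behaviour, for example an over-long display name in front of a valid address: `'a' * 2048 + ' <foobar@example.com>',`. A matching valid case just under `MAX_EMAIL_LENGTH` in the accepted-address test would cover the other side of the boundary. The parametrize list this line belongs to starts outside the hunk.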
From 31ecafd754aacc1b933ac26ee568d0457792396f Mon Sep 17 00:00:00 2001
From: Hasan Ramezani <hasan.r67@gmail.com>
Date: Wed, 27 Sep 2023 16:39:47 +0200
Subject: [PATCH 2/2] Add change file
---
changes/7673-hramezani.md | 1 +
1 file changed, 1 insertion(+)
create mode 100644 changes/7673-hramezani.md
diff --git a/changes/7673-hramezani.md b/changes/7673-hramezani.md
new file mode 100644
index 0000000000..dbb98294a8
--- /dev/null
+++ b/changes/7673-hramezani.md
@@ -0,0 +1 @@
+Fix: Add max length check to `pydantic.validate_email`