Commit e97b2fa7 authored by Jason R. Coombs's avatar Jason R. Coombs

Merge github pull request

parents 15b5b526 7ddd872c
...@@ -88,9 +88,16 @@ except ImportError: ...@@ -88,9 +88,16 @@ except ImportError:
class CertificateError(ValueError): class CertificateError(ValueError):
pass pass
def _dnsname_to_pat(dn): def _dnsname_to_pat(dn, max_wildcards=1):
pats = [] pats = []
for frag in dn.split(r'.'): for frag in dn.split(r'.'):
if frag.count('*') > max_wildcards:
# Issue #17980: avoid denials of service by refusing more
# than one wildcard per fragment. A survery of established
# policy among SSL implementations showed it to be a
# reasonable choice.
raise CertificateError(
"too many wildcards in certificate DNS name: " + repr(dn))
if frag == '*': if frag == '*':
# When '*' is a fragment by itself, it matches a non-empty dotless # When '*' is a fragment by itself, it matches a non-empty dotless
# fragment. # fragment.
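Review bot: The new `frag.count('*') > max_wildcards` guard limits wildcards per fragment only, and it runs inside `for frag in dn.split(r'.')`, so a certificate name with a wildcard in a non-leftmost label (or one in every label) still passes it and, as far as the visible lines show, is turned into a pattern. RFC 6125 recommends honouring a wildcard only in the left-most label; if that stricter policy is wanted, a check before the loop such as `if '*' in dn.partition('.')[2]: raise CertificateError("wildcard outside left-most label: " + repr(dn))` would enforce it. The rest of the loop body and the caller are outside the hunk, so confirm how the other fragments are handled and that the caller lets `CertificateError` propagate before adopting this. Separately, the added comment has a typo (`survery` should be `survey`) and says "more than one wildcard" although the limit is now the `max_wildcards` parameter; a one-line docstring naming that parameter would help.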
......