Now packaging 2014.2.1

[openstack-build/neutron-build.git] / debian / patches / cve-2014-7821_DoS_through_invalid_DNS_configuration_juno.patch

Description: CVE-2014-7821: Fix hostname regex pattern
 Current hostname_pattern regex complexity grows exponentially when given a
 string of just digits, which can be exploited to cause neutron-server to
 freeze.
Author: John Perkins <john.perkins@rackspace.com>
Origin: https://review.openstack.org/#/c/135623/
X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff_plain;h=ad6fefcb4d4068b46b69284e277df6ab2ee30105
Date: Mon, 6 Oct 2014 21:24:57 +0000 (-0500)
Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
Bug-Ubuntu:: https://launchpad.net/bugs/1378450
Bug-Debian: https://bugs.debian.org/770431
Last-Update: 2014-11-21

diff --git a/neutron/api/v2/attributes.py b/neutron/api/v2/attributes.py
index 83471f9..21486db 100644
--- a/neutron/api/v2/attributes.py
+++ b/neutron/api/v2/attributes.py
@@ -540,8 +540,8 @@ def convert_to_list(data):
         return [data]
 
 
-HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]"
-                    "{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)")
+HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+.|-)[a-zA-Z0-9_\-]{1,62}"
+                    "[a-zA-Z0-9]\.?)+(?:[a-zA-Z]{2,})$)")
 
 HEX_ELEM = '[0-9A-Fa-f]'
 UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
diff --git a/neutron/tests/unit/test_attributes.py b/neutron/tests/unit/test_attributes.py
index 2fb268d..f8cb462 100644
--- a/neutron/tests/unit/test_attributes.py
+++ b/neutron/tests/unit/test_attributes.py
@@ -281,6 +281,7 @@ class TestAttributes(base.BaseTestCase):
                     ['www.hostname.com', 'www.hostname.com'],
                     ['77.hostname.com'],
                     ['1000.0.0.1'],
+                    ['111111111111111111111111111111111111111111111111111111111111'],  # noqa
                     None]
 
         for ns in ns_pools: