+++ /dev/null
-Description: CVE-2014-7821: Fix hostname regex pattern
- Current hostname_pattern regex complexity grows exponentially when given a
- string of just digits, which can be exploited to cause neutron-server to
- freeze.
-Author: John Perkins <john.perkins@rackspace.com>
-Origin: https://review.openstack.org/#/c/135623/
-X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff_plain;h=ad6fefcb4d4068b46b69284e277df6ab2ee30105
-Date: Mon, 6 Oct 2014 21:24:57 +0000 (-0500)
-Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
-Bug-Ubuntu:: https://launchpad.net/bugs/1378450
-Bug-Debian: https://bugs.debian.org/770431
-Last-Update: 2014-11-21
-
-diff --git a/neutron/api/v2/attributes.py b/neutron/api/v2/attributes.py
-index 83471f9..21486db 100644
---- a/neutron/api/v2/attributes.py
-+++ b/neutron/api/v2/attributes.py
-@@ -540,8 +540,8 @@ def convert_to_list(data):
- return [data]
-
-
--HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]"
-- "{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)")
-+HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+.|-)[a-zA-Z0-9_\-]{1,62}"
-+ "[a-zA-Z0-9]\.?)+(?:[a-zA-Z]{2,})$)")
-
- HEX_ELEM = '[0-9A-Fa-f]'
- UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
-diff --git a/neutron/tests/unit/test_attributes.py b/neutron/tests/unit/test_attributes.py
-index 2fb268d..f8cb462 100644
---- a/neutron/tests/unit/test_attributes.py
-+++ b/neutron/tests/unit/test_attributes.py
-@@ -281,6 +281,7 @@ class TestAttributes(base.BaseTestCase):
- ['www.hostname.com', 'www.hostname.com'],
- ['77.hostname.com'],
- ['1000.0.0.1'],
-+ ['111111111111111111111111111111111111111111111111111111111111'], # noqa
- None]
-
- for ns in ns_pools:
Code Review / openstack-build / neutron-build.git / commitdiff