1. Erik Bray
  2. setuptools

Commits

Jason R. Coombs  committed 174ff62 Merge

Merge github pull request

  • Participants
  • Parent commits 24eba27, 4b0fb61
  • Branches default

Comments (0)

Files changed (1)

File setuptools/ssl_support.py

View file
     class CertificateError(ValueError):
         pass
 
-    def _dnsname_to_pat(dn):
+    def _dnsname_to_pat(dn, max_wildcards=1):
         pats = []
         for frag in dn.split(r'.'):
+            if frag.count('*') > max_wildcards:
+                # Issue #17980: avoid denials of service by refusing more
+                # than one wildcard per fragment.  A survery of established
+                # policy among SSL implementations showed it to be a
+                # reasonable choice.
+                raise CertificateError(
+                    "too many wildcards in certificate DNS name: " + repr(dn))
             if frag == '*':
                 # When '*' is a fragment by itself, it matches a non-empty dotless
                 # fragment.