diff options
| author | Alex Grönholm <alex.gronholm@nextday.fi> | 2022-10-20 17:13:23 +0300 |
|---|---|---|
| committer | Alex Grönholm <alex.gronholm@nextday.fi> | 2022-10-20 17:13:33 +0300 |
| commit | 88f02bc335d5404991e532e7f3b0fc80437bf4e0 (patch) | |
| tree | 5e5c2b674cf170acf813176d14b0197f2a13c087 /src/wheel | |
| parent | e9f7a605da0dee4426deb3181e61c94616c53bb5 (diff) | |
| download | wheel-git-88f02bc335d5404991e532e7f3b0fc80437bf4e0.tar.gz | |
Fixed potential DoS attack via WHEEL_INFO_RE
Diffstat (limited to 'src/wheel')
| -rw-r--r-- | src/wheel/wheelfile.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/wheel/wheelfile.py b/src/wheel/wheelfile.py index a0c9d2a..b985774 100644 --- a/src/wheel/wheelfile.py +++ b/src/wheel/wheelfile.py @@ -16,8 +16,8 @@ from wheel.util import log, urlsafe_b64decode, urlsafe_b64encode # Non-greedy matching of an optional build number may be too clever (more # invalid wheel filenames will match). Separate regex for .dist-info? WHEEL_INFO_RE = re.compile( - r"""^(?P<namever>(?P<name>.+?)-(?P<ver>.+?))(-(?P<build>\d[^-]*))? - -(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)\.whl$""", + r"""^(?P<namever>(?P<name>[^-]+?)-(?P<ver>[^-]+?))(-(?P<build>\d[^-]*))? + -(?P<pyver>[^-]+?)-(?P<abi>[^-]+?)-(?P<plat>[^.]+?)\.whl$""", re.VERBOSE, ) |