blob: 5f2e652f5bafef659a59a9317f673d707345bf46 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From 9a25a6e9ace15d5f6136a2e9dd77324bae119f46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Tue, 4 May 2021 13:15:54 +0200
Subject: [PATCH] Reject endpoint URLs containing LF, CR or HT to workaround
bpo43882 fix
---
botocore/utils.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/botocore/utils.py b/botocore/utils.py
index 378972248..b154469bc 100644
--- a/botocore/utils.py
+++ b/botocore/utils.py
@@ -977,6 +977,8 @@ class ArgumentGenerator(object):
def is_valid_ipv6_endpoint_url(endpoint_url):
+ if '\n' in endpoint_url or '\r' in endpoint_url or '\t' in endpoint_url:
+ return False
netloc = urlparse(endpoint_url).netloc
return IPV6_ADDRZ_RE.match(netloc) is not None
@@ -990,6 +992,8 @@ def is_valid_endpoint_url(endpoint_url):
:return: True if the endpoint url is valid. False otherwise.
"""
+ if '\n' in endpoint_url or '\r' in endpoint_url or '\t' in endpoint_url:
+ return False
parts = urlsplit(endpoint_url)
hostname = parts.hostname
if hostname is None:
--
2.31.1
|