From b397515457c3ce48afe9cd4f9d32f8f006f68cbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BE=9D=E7=91=AA=E8=B2=93?=
Date: Thu, 18 May 2023 23:30:36 +0800
Subject: [PATCH] Removed the size restriction in the next URI utilities.

Buffer overflow may happen with any parameter, not only the "next" parameter. It should be solved in uWSGI, but not the application.
---
 src/accounting/utils/next_uri.py | 2 --
 tests/test_utils.py | 15 ---------------
 2 files changed, 17 deletions(-)

diff --git a/src/accounting/utils/next_uri.py b/src/accounting/utils/next_uri.py
index 48bf47f..cbbdfde 100644
--- a/src/accounting/utils/next_uri.py
+++ b/src/accounting/utils/next_uri.py
@@ -64,8 +64,6 @@ def __get_next_uri() -> str | None:
         if request.method == "POST" else request.args.get("next")
     if next_uri is None or not next_uri.startswith("/"):
         return None
-    if len(next_uri) > 512:
-        return next_uri[:512]
     return next_uri
 
 
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 307d8e9..f555900 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -140,21 +140,6 @@ class NextUriTestCase(unittest.TestCase):
                                      "next": next_uri})
         self.assertEqual(response.status_code, 200)
 
-        # An extremely-long URI to trigger the error
-        next_uri = "/" + "x" * 1024
-        expected2 = next_uri[:512]
-        expected1 = f"{self.TARGET}?next={quote_plus(expected2)}"
-        response = client.get(f"/test-invalid-next?next={quote_plus(next_uri)}" f"&inherit-expected={quote_plus(expected1)}" f"&or-expected={quote_plus(expected2)}")
-        self.assertEqual(response.status_code, 200)
-        response = client.post("/test-invalid-next" f"?inherit-expected={quote_plus(expected1)}" f"&or-expected={quote_plus(expected2)}", data={"csrf_token": csrf_token, "next": next_uri})
-        self.assertEqual(response.status_code, 200)
-
 
 class QueryKeywordParserTestCase(unittest.TestCase):
     """The test case for the query keyword parser."""
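Review bot: The guard left on the new side of the next_uri.py hunk, `if next_uri is None or not next_uri.startswith("/")`, still accepts protocol-relative values such as `//evil.example/` (and `/\evil.example`, which some browsers normalise the same way), so if this value is later used as a redirect target — the function name suggests it is, though the caller is not visible here — an attacker can send users off-site with a crafted `next` parameter. Rejecting those prefixes closes the gap: `if next_uri is None or not next_uri.startswith("/") or next_uri.startswith(("//", "/\\")):` followed by the existing `return None`. Dropping the 512-byte cap is defensible if request-size limits are enforced at the server layer as the commit message says, but the cap also bounded what the application reflects back into generated URLs, so a limit that rejects rather than truncates oversized values may still be worth keeping. `__get_next_uri` starts before this hunk; only its tail is visible.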