Removed the size restriction in the next-URI utilities. A buffer overflow could happen with any parameter, not only the "next" parameter, so it should be handled in uWSGI rather than in the application.
This commit is contained in:
parent
abe90d3483
commit
b397515457
@ -64,8 +64,6 @@ def __get_next_uri() -> str | None:
|
|||||||
if request.method == "POST" else request.args.get("next")
|
if request.method == "POST" else request.args.get("next")
|
||||||
if next_uri is None or not next_uri.startswith("/"):
|
if next_uri is None or not next_uri.startswith("/"):
|
||||||
return None
|
return None
|
||||||
if len(next_uri) > 512:
|
|
||||||
return next_uri[:512]
|
|
||||||
return next_uri
|
return next_uri
|
||||||
|
|
||||||
|
|
||||||
|
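Review bot: With the length cap removed, the only validation left on the new side is `not next_uri.startswith("/")` on the retained context line, and that still admits protocol-relative values such as `//attacker.example/` (and `/\attacker.example` in browsers that normalise backslashes), so any redirect built from the returned value remains an open redirect. Tighten the guard to `if next_uri is None or not next_uri.startswith("/") or next_uri.startswith(("//", "/\\")):`. That the value feeds a redirect is inferred from the `inherit-expected`/`or-expected` parameters in the removed test, not from these lines, so confirm against the callers. `__get_next_uri` begins before this hunk (its signature is only visible in the hunk header), and the over-long test case in the second hunk was dropped rather than replaced, so nothing now asserts that a value longer than 512 characters passes through unchanged.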
@ -140,21 +140,6 @@ class NextUriTestCase(unittest.TestCase):
|
|||||||
"next": next_uri})
|
"next": next_uri})
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
# An extremely-long URI to trigger the error
|
|
||||||
next_uri = "/" + "x" * 1024
|
|
||||||
expected2 = next_uri[:512]
|
|
||||||
expected1 = f"{self.TARGET}?next={quote_plus(expected2)}"
|
|
||||||
response = client.get(f"/test-invalid-next?next={quote_plus(next_uri)}"
|
|
||||||
f"&inherit-expected={quote_plus(expected1)}"
|
|
||||||
f"&or-expected={quote_plus(expected2)}")
|
|
||||||
self.assertEqual(response.status_code, 200)
|
|
||||||
response = client.post("/test-invalid-next"
|
|
||||||
f"?inherit-expected={quote_plus(expected1)}"
|
|
||||||
f"&or-expected={quote_plus(expected2)}",
|
|
||||||
data={"csrf_token": csrf_token,
|
|
||||||
"next": next_uri})
|
|
||||||
self.assertEqual(response.status_code, 200)
|
|
||||||
|
|
||||||
|
|
||||||
class QueryKeywordParserTestCase(unittest.TestCase):
|
class QueryKeywordParserTestCase(unittest.TestCase):
|
||||||
"""The test case for the query keyword parser."""
|
"""The test case for the query keyword parser."""
|
||||||
|