[Patches] netrc module parse bug
Lance Finn Helsten
helsten@inconnect.com
Mon, 3 Apr 2000 00:15:28 -0600
<fixed><smaller><fontfamily><param>Courier</param>When a .netrc file has =
passwords that contain non-alphanumeric characters the netrc.__init__ =
throws an exception. To change this in the .netrc would pose security =
risks.
Changes:
1) Added all 7-bit characters to the wordchars field.
2) Turned off quotes.
3) Turn '#' off and on as a comment character around the top level =
get_token, so it is usable in passwords.
This assumes that all comments start in column 0. End of line comments =
will probably not work.
*** netrc.py Fri Feb 4 08:10:33 2000
--- /usr/local/lib/python1.5/netrc.py Sun Apr 2 23:46:31 2000
***************
*** 15,24 ****
self.hosts =3D {}
self.macros =3D {}
lexer =3D shlex.shlex(fp)
! lexer.wordchars =3D lexer.wordchars + '.'
while 1:
# Look for a machine, default, or macdef top-level keyword
toplevel =3D tt =3D lexer.get_token()
if tt =3D=3D '' or tt =3D=3D None:
break
elif tt =3D=3D 'machine':
--- 13,25 ----
self.hosts =3D {}
self.macros =3D {}
lexer =3D shlex.shlex(fp)
! lexer.wordchars =3D lexer.wordchars + =
'~!@#$%^&*()-=3D+`[]{}\\|;:,./<<>?\'"'
! lexer.quotes =3D ''
while 1:
# Look for a machine, default, or macdef top-level keyword
+ lexer.commenters =3D '#'
toplevel =3D tt =3D lexer.get_token()
+ lexer.commenters =3D ''
if tt =3D=3D '' or tt =3D=3D None:
break
elif tt =3D=3D 'machine':
***************
<flushleft>
I confirm that, to the best of my knowledge and belief, this
contribution is free of any claims of third parties under
copyright, patent or other rights or interests ("claims"). To
the extent that I have any such claims, I hereby grant to CNRI a
nonexclusive, irrevocable, royalty-free, worldwide license to
reproduce, distribute, perform and/or display publicly, prepare
derivative versions, and otherwise use this contribution as part
of the Python software and its related documentation, or any
derivative versions thereof, at no cost to CNRI or its licensed
users, and to authorize others to do so.
I acknowledge that CNRI may, at its sole discretion, decide
whether or not to incorporate this contribution in the Python
software and its related documentation. I further grant CNRI
permission to use my name and other identifying information
provided to CNRI by me for use in connection with the Python
software and its related documentation.
Lance Finn Helsten
helsten@inconnect.com
helsten@ieee.org
helsten@acm.org
You cannot free a slave save he do it himself. You cannot enslave a =
freeman, the most you can do is kill him. ~Robert A. Heinlien=