[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names
Florian Weimer
report at bugs.python.org
Fri May 17 10:20:28 CEST 2013
Florian Weimer added the comment:
> "*" pattern is replaced with '[^.]+' regex, so I may not cause the exponential complexity issue. (I didn't check.)
A possessive quantifier might also help, that is [^.]+?.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17980>
_______________________________________
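The wildcard-to-regex translation discussed in this message, as an added example that is not code from the tracker or from CPython. The names `compile_dnsname` and `hostname_matches`, the `[^.]*` handling of a `*` inside a label, and the cap of one wildcard per pattern are assumptions of this example; the cap is checked before anything reaches the regex engine, so matching cost does not depend on how the quantifier backtracks.

```python
import re

MAX_WILDCARDS = 1  # assumption of this example: cap chosen for illustration


class PatternRejected(ValueError):
    """Raised when a certificate name pattern is refused before compilation."""


def compile_dnsname(pattern, max_wildcards=MAX_WILDCARDS):
    """Translate a certificate dNSName pattern into an anchored regex.

    A label that is exactly "*" becomes '[^.]+' (the translation quoted in
    the message above); a "*" inside a label becomes '[^.]*'. The wildcard
    count is checked first, so a many-wildcard pattern is never compiled.
    """
    if pattern.count("*") > max_wildcards:
        raise PatternRejected("too many wildcards in %r" % pattern)
    parts = []
    for label in pattern.split("."):
        if label == "*":
            parts.append("[^.]+")
        else:
            # Escape the literal label, then re-enable the in-label wildcard.
            parts.append(re.escape(label).replace(r"\*", "[^.]*"))
    return re.compile(r"\A" + r"\.".join(parts) + r"\Z", re.IGNORECASE)


def hostname_matches(hostname, pattern):
    """Return True if hostname matches pattern; rejected patterns never match."""
    try:
        return compile_dnsname(pattern).match(hostname) is not None
    except PatternRejected:
        return False
```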