From 8a7b22d4a623bcd95190d2f5a958472fb41e576d Mon Sep 17 00:00:00 2001 From: Nick Pope Date: Wed, 25 Jan 2023 12:21:48 +0100 Subject: [4.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue. --- tests/i18n/tests.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'tests') diff --git a/tests/i18n/tests.py b/tests/i18n/tests.py index 0adacb765e..43d1682c96 100644 --- a/tests/i18n/tests.py +++ b/tests/i18n/tests.py @@ -1717,6 +1717,14 @@ class MiscTests(SimpleTestCase): ("de;q=0.", [("de", 0.0)]), ("en; q=1,", [("en", 1.0)]), ("en; q=1.0, * ; q=0.5", [("en", 1.0), ("*", 0.5)]), + ( + "en" + "-x" * 20, + [("en-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x", 1.0)], + ), + ( + ", ".join(["en; q=1.0"] * 20), + [("en", 1.0)] * 20, + ), # Bad headers ("en-gb;q=1.0000", []), ("en;q=0.1234", []), @@ -1733,6 +1741,10 @@ class MiscTests(SimpleTestCase): ("", []), ("en;q=1e0", []), ("en-au;q=1.0", []), + # Invalid as language-range value too long. + ("xxxxxxxx" + "-xxxxxxxx" * 500, []), + # Header value too long, only parse up to limit. + (", ".join(["en; q=1.0"] * 500), [("en", 1.0)] * 45), ] for value, expected in tests: with self.subTest(value=value): -- cgit v1.3