Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 7f8dd9c

Browse files
alexalex
committed
[1.1.X] Fix a security issue in the auth system. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@15036 bcc190cf-cafb-0310-a4f2-bffc1f526a37
1 parent 1708483 commit 7f8dd9c

File tree

3 files changed

+13
-3
lines changed

3 files changed

+13
-3
lines changed

django/contrib/auth/tests/tokens.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,4 +34,9 @@
3434
>>> p2.check_token(u, tk1)
3535
False
3636
37+
This will put a 14-digit base36 timestamp into the token, which is too large.
38+
>>> tk1 = p0._make_token_with_timestamp(u, 175455491841851871349)
39+
>>> p0.check_token(u, tk1)
40+
False
41+
3742
"""

django/contrib/auth/urls.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# These URLs are normally mapped to /admin/urls.py. This URLs file is
1+
# These URLs are normally mapped to /admin/urls.py. This URLs file is
22
# provided as a convenience to those who want to deploy these URLs elsewhere.
33
# This file is also used to provide a reliable view deployment for test purposes.
44

@@ -11,7 +11,7 @@
1111
(r'^password_change/done/$', 'django.contrib.auth.views.password_change_done'),
1212
(r'^password_reset/$', 'django.contrib.auth.views.password_reset'),
1313
(r'^password_reset/done/$', 'django.contrib.auth.views.password_reset_done'),
14-
(r'^reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'django.contrib.auth.views.password_reset_confirm'),
14+
(r'^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', 'django.contrib.auth.views.password_reset_confirm'),
1515
(r'^reset/done/$', 'django.contrib.auth.views.password_reset_complete'),
1616
)
1717

django/utils/http.py

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,8 +73,13 @@ def http_date(epoch_seconds=None):
7373

7474
def base36_to_int(s):
7575
"""
76-
Convertd a base 36 string to an integer
76+
Converts a base 36 string to an ``int``. To prevent
77+
overconsumption of server resources, raises ``ValueError` if the
78+
input is longer than 13 base36 digits (13 digits is sufficient to
79+
base36-encode any 64-bit integer).
7780
"""
81+
if len(s) > 13:
82+
raise ValueError("Base36 input too large")
7883
return int(s, 36)
7984

8085
def int_to_base36(i):

0 commit comments

Comments
 (0)