blob: 018ac9983c14b2732a8b8f3a3125da1660ddfcd2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
$NetBSD: patch-ba,v 1.3 2011/03/28 15:58:15 drochner Exp $
Issue #11662 (CVE-2011-1521)
--- Lib/urllib.py.orig 2007-03-14 08:27:57.000000000 +0000
+++ Lib/urllib.py
@@ -638,10 +638,20 @@ class FancyURLopener(URLopener):
newurl = headers['uri']
else:
return
- void = fp.read()
- fp.close()
+
# In case the server sent a relative URL, join with original:
newurl = basejoin(self.type + ":" + url, newurl)
+
+ # For security reasons we do not allow redirects to protocols
+ # other than HTTP, HTTPS or FTP.
+ newurl_lower = newurl.lower()
+ if not (newurl_lower.startswith('http://') or
+ newurl_lower.startswith('https://') or
+ newurl_lower.startswith('ftp://')):
+ return
+
+ void = fp.read()
+ fp.close()
return self.open(newurl)
def http_error_301(self, url, fp, errcode, errmsg, headers, data=None):
|