diff options
author | guido <guido@google.com> | 2011-03-24 08:07:45 -0700 |
---|---|---|
committer | guido <guido@google.com> | 2011-03-24 08:07:45 -0700 |
commit | 96ec281e156207a76b9266d409e8578fc59865ed (patch) | |
tree | 37cfb65db72e422727bda0da25470cb59d82d6db | |
parent | 431003291655f47282c40e18413442f01ea53533 (diff) | |
download | cpython-96ec281e156207a76b9266d409e8578fc59865ed.tar.gz |
Issue 22663: fix redirect vulnerability in urllib/urllib2.
-rw-r--r-- | Lib/urllib.py | 13 | ||||
-rw-r--r-- | Lib/urllib2.py | 7 |
2 files changed, 18 insertions, 2 deletions
diff --git a/Lib/urllib.py b/Lib/urllib.py index 963187cfb2..09ce8c57e8 100644 --- a/Lib/urllib.py +++ b/Lib/urllib.py @@ -638,10 +638,19 @@ class FancyURLopener(URLopener): newurl = headers['uri'] else: return - void = fp.read() - fp.close() + # In case the server sent a relative URL, join with original: newurl = basejoin(self.type + ":" + url, newurl) + + # For security reasons we do not allow redirects to protocols + # other than HTTP or HTTPS. + newurl_lower = newurl.lower() + if not (newurl_lower.startswith('http://') or + newurl_lower.startswith('https://')): + return + + void = fp.read() + fp.close() return self.open(newurl) def http_error_301(self, url, fp, errcode, errmsg, headers, data=None): diff --git a/Lib/urllib2.py b/Lib/urllib2.py index 50d7aaf204..db7ce81845 100644 --- a/Lib/urllib2.py +++ b/Lib/urllib2.py @@ -555,6 +555,13 @@ class HTTPRedirectHandler(BaseHandler): return newurl = urlparse.urljoin(req.get_full_url(), newurl) + # For security reasons we do not allow redirects to protocols + # other than HTTP or HTTPS. + newurl_lower = newurl.lower() + if not (newurl_lower.startswith('http://') or + newurl_lower.startswith('https://')): + return + # XXX Probably want to forget about the state of the current # request, although that might interact poorly with other # handlers that also use handler-specific request attributes |