Fixed catastrophic backtracking in URLValidator.

Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.

3 files changed, 6 insertions, 0 deletions

diff --git a/tests/validators/invalid_urls.txt b/tests/validators/invalid_urls.txt
index 9a4df36a20..a3393d76ed 100644
--- a/tests/validators/invalid_urls.txt
+++ b/tests/validators/invalid_urls.txt
@@ -35,6 +35,8 @@ http://foo.bar/foo(bar)baz quux
 http://-error-.invalid/
 http://-a.b.co
 http://a.b-.co
+http://a.-b.co
+http://a.b-.c.co
 http:/
 http://
 http://
diff --git a/tests/validators/tests.py b/tests/validators/tests.py
index 69aebb9ada..977bc66bb1 100644
--- a/tests/validators/tests.py
+++ b/tests/validators/tests.py
@@ -188,6 +188,9 @@ TEST_DATA = [
     # Trailing newlines not accepted
     (URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
     (URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),
+    # Trailing junk does not take forever to reject
+    (URLValidator(), 'http://www.asdasdasdasdsadfm.com.br ', ValidationError),
+    (URLValidator(), 'http://www.asdasdasdasdsadfm.com.br z', ValidationError),
 
     (BaseValidator(True), True, None),
     (BaseValidator(True), False, ValidationError),
diff --git a/tests/validators/valid_urls.txt b/tests/validators/valid_urls.txt
index 040298f4fe..8c98f848e4 100644
--- a/tests/validators/valid_urls.txt
+++ b/tests/validators/valid_urls.txt
@@ -7,6 +7,7 @@ http://www.example.com/
 http://www.example.com:8000/test
 http://valid-with-hyphens.com/
 http://subdomain.example.com/
+http://a.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 http://200.8.9.10/
 http://200.8.9.10:8000/test
 http://su--b.valid-----hyphens.com/