Commit 4bfe7c9

committed
Prevent "regex injection"
If an attacker is able to authenticate with a user name like .* he can bypass limitations imposed by "owner_write" and "owner_only".
1 parent c7fe477 commit 4bfe7c9
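To make the problem the commit message describes concrete, here is an added, self-contained Python example; it is not Radicale's code. The `RIGHTS` text, the `permissions()` helper and its `escape` switch are constructed for illustration and are modelled on the "owner_write" idea (everyone may read, only the owner may write) rather than copied from the project's `DEFINED_RIGHTS`. The mechanism is the same as in the patched function: the user name and collection path are handed to `ConfigParser` as interpolation defaults and then used as regular expressions, so without `re.escape` a login of `.*` turns the owner-only pattern `^%(login)s/.+$` into `^.*/.+$`, which matches every collection.

```python
import configparser
import re

# Constructed rights definition (not Radicale's own): anyone may read any
# collection, but only the owner, whose login is the first path component,
# may write.  %(login)s and %(path)s are filled in from the ConfigParser
# defaults, exactly as the patched _read_from_sections() does.
RIGHTS = """
[owner-write]
user: .+
collection: ^%(login)s/.+$
permission: rw

[everybody-read]
user: .+
collection: ^.+/.+$
permission: r
"""


def permissions(user, collection_url, escape):
    """Return the permission letters granted to `user` on `collection_url`.

    escape=False reproduces the behaviour before the commit (the raw user
    name is interpolated into the regex); escape=True reproduces the fix
    (re.escape() neutralises regex metacharacters first).
    """
    login = re.escape(user) if escape else user
    path = re.escape(collection_url) if escape else collection_url
    regex = configparser.ConfigParser({"login": login, "path": path})
    regex.read_string(RIGHTS)

    granted = set()
    for section in regex.sections():
        # get() performs the %(login)s / %(path)s interpolation; the result
        # is then compiled and matched as a regular expression.
        user_re = regex.get(section, "user")
        collection_re = regex.get(section, "collection")
        if re.match(user_re, user) and re.match(collection_re, collection_url):
            granted.update(regex.get(section, "permission"))
    return "".join(sorted(granted))


if __name__ == "__main__":
    # Legitimate owner: read/write on her own collection, read-only elsewhere.
    print(permissions("alice", "alice/cal.ics", escape=False))  # rw
    print(permissions("alice", "bob/cal.ics", escape=False))    # r
    # A login of ".*" is treated as a pattern before the fix and matches
    # bob's collection; after the fix it is only a literal ".*".
    print(permissions(".*", "bob/cal.ics", escape=False))       # rw
    print(permissions(".*", "bob/cal.ics", escape=True))        # r
```

Note that `re.escape` only deals with regex metacharacters; the values still pass through `ConfigParser`'s `%`-interpolation, so a login containing `%` is a separate concern that this escaping does not address.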

1 file changed

+4
-1
lines changed
Diff for: radicale/rights/regex.py

@@ -65,7 +65,10 @@ def _read_from_sections(user, collection_url, permission):
6565
"""Get regex sections."""
6666
filename = os.path.expanduser(config.get("rights", "file"))
6767
rights_type = config.get("rights", "type").lower()
68-
regex = ConfigParser({"login": user, "path": collection_url})
68+
# Prevent "regex injection"
69+
user_escaped = re.escape(user)
70+
collection_url_escaped = re.escape(collection_url)
71+
regex = ConfigParser({"login": user_escaped, "path": collection_url_escaped})
6972
if rights_type in DEFINED_RIGHTS:
7073
log.LOGGER.debug("Rights type '%s'" % rights_type)
7174
regex.readfp(StringIO(DEFINED_RIGHTS[rights_type]))
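Review bot: `re.escape` is the right fix for the `.*` case, but two things are worth confirming before merge. The hunk calls `re.escape` and shows no import change, so check that `import re` is already present at the top of radicale/rights/regex.py; `re` does not appear anywhere in the visible context. Second, escaping only neutralises regex metacharacters, while `user_escaped` and `collection_url_escaped` are still handed to `ConfigParser` as interpolation defaults, so a login or path containing `%` still collides with ConfigParser's own `%(...)s` syntax and raises an `InterpolationSyntaxError` (an error, not a bypass); doubling `%` to `%%` after escaping, or not routing these two values through interpolation at all, would close that. A regression test with a `.*`-style user name against an `owner_only` ruleset would document the intent of the three new lines.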
