[issue30500] [security] urllib connects to a wrong host

Change by Ned Deily : -- Removed message: https://bugs.python.org/msg342098 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue30500] [security] urllib connects to a wrong host

Ned Deily added the comment: New changeset cc54c1c0d2d05fe7404ba64c53df4b1352ed2262 by larryhastings (Victor Stinner) in branch '3.4': bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2291) https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2

[issue30500] [security] urllib connects to a wrong host

Changes by Ned Deily : -- assignee: -> haypo resolution: -> fixed stage: -> resolved status: open -> closed ___ Python tracker ___

[issue30500] [security] urllib connects to a wrong host

Ned Deily added the comment: New changeset 052f9d6860c48c5abcff8e16212e77cf4249d66c by Ned Deily (Victor Stinner) in branch '3.3': [3.3] bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2292) https://github.com/python/cpython/commit/052f9d6860c48c5abcff8e16212e77cf4249

[issue30500] [security] urllib connects to a wrong host

Larry Hastings added the comment: New changeset cc54c1c0d2d05fe7404ba64c53df4b1352ed2262 by larryhastings (Victor Stinner) in branch '3.4': bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2291) https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352

[issue30500] [security] urllib connects to a wrong host

Ned Deily added the comment: New changeset b0fba8874a4bd6bf4773e6efdbd8fa762e9f05bd by Ned Deily (Victor Stinner) in branch '3.6': bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2289) https://github.com/python/cpython/commit/b0fba8874a4bd6bf4773e6efdbd8fa762e9f05bd

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: I created bpo-30713: "Reject newline character (U+000A) in URLs in urllib.parse", to discuss how to handle newlines in URLs. -- ___ Python tracker

[issue30500] [security] urllib connects to a wrong host

Serhiy Storchaka added the comment: Or more low-level modules used by urllib.request: http, ftplib, etc. -- ___ Python tracker ___ ___

[issue30500] [security] urllib connects to a wrong host

Serhiy Storchaka added the comment: The urllib package consists of two parts: urllib.parse and urllib.request. I think urllib.request is responsible for making valid requests and validate arguments if needed. -- ___ Python tracker

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: I tested my system python2 (Python 2.7.13 on Fedora 25): haypo@selma$ python2 Python 2.7.13 (default, May 10 2017, 20:04:28) >>> urllib.splithost('//hostname/url') ('hostname', '/url') >>> urllib.splithost('//host\nname/url') # newline in hostname, accepted ('

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: > New changeset d4324baca4c03eb8d55446cd1b74b32ec5633af5 by Victor Stinner in > branch '2.7': Oh, I was too fast. I wanted to see an agreement on DOTALL before merging this one. I missed that the 2.7 change also added DOTALL. I had to handle many branches (2.

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: New changeset d4324baca4c03eb8d55446cd1b74b32ec5633af5 by Victor Stinner in branch '2.7': bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2294) https://github.com/python/cpython/commit/d4324baca4c03eb8d55446cd1b74b32ec5633af5 ---

[issue30500] [security] urllib connects to a wrong host

Serhiy Storchaka added the comment: Oh, I didn't expected that newlines can be in a host name. In any case if newlines are a problem, it is better to check explicitly whether a host name contains CR, LF or other special characters. And it is better to do such checks when format a request rathe

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: New changeset 8457706ee308a621103e9b9c760ca9da3cc4e7c0 by Victor Stinner in branch 'master': bpo-30500: Fix the NEWS entry (#2293) https://github.com/python/cpython/commit/8457706ee308a621103e9b9c760ca9da3cc4e7c0 -- __

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: New changeset 82acabd3c52508d9e3f83a41fe7c684619cbbe7b by Victor Stinner in branch '3.6': bpo-30500: Fix the NEWS entry (#2296) https://github.com/python/cpython/commit/82acabd3c52508d9e3f83a41fe7c684619cbbe7b -- _

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: New changeset 410860662f53945cddf5886801c5a88a84801fec by Victor Stinner in branch '3.5': bpo-30500: Fix the NEWS entry (#2295) https://github.com/python/cpython/commit/410860662f53945cddf5886801c5a88a84801fec -- _

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2344 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- versions: +Python 3.3, Python 3.4 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2343 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2342 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2341 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: New changeset 536c1f1246f4faa302f9f5613fc3444e7ae09b4a by Victor Stinner in branch '3.6': bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2289) https://github.com/python/cpython/commit/536c1f1246f4faa302f9f5613fc3444e7ae09b4a ---

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: New changeset 4899d847ed3f56b2a712799f896aa1f28540a5c0 by Victor Stinner in branch '3.5': bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2290) https://github.com/python/cpython/commit/4899d847ed3f56b2a712799f896aa1f28540a5c0 ---

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2340 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

STINNER Victor added the comment: When porting the change to Python 3.4, I found this older change: if _hostprog is None: -_hostprog = re.compile('^//([^/?]*)(.*)$') +_hostprog = re.compile('//([^/?]*)(.*)', re.DOTALL) match = _hostprog.match(url) if match: -

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2339 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2338 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- pull_requests: +2337 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30500] [security] urllib connects to a wrong host

Changes by STINNER Victor : -- title: urllib connects to a wrong host -> [security] urllib connects to a wrong host ___ Python tracker ___ __