mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-05-16 10:08:50 +00:00
3a9a13832b
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61911 Pick the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From ecbd037205723884036b4a467c19d7904b8b6cee Mon Sep 17 00:00:00 2001
|
|
From: lukas-eu <62448426+lukas-eu@users.noreply.github.com>
|
|
Date: Fri, 10 Oct 2025 19:47:46 +0200
|
|
Subject: [PATCH] Merge commit from fork
|
|
|
|
CVE: CVE-2025-61911
|
|
Upstream-Status: Backport [https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a]
|
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
|
---
|
|
Lib/ldap/filter.py | 2 ++
|
|
Tests/t_ldap_filter.py | 4 ++++
|
|
2 files changed, 6 insertions(+)
|
|
|
|
diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py
|
|
index 782737a..5bd41b2 100644
|
|
--- a/Lib/ldap/filter.py
|
|
+++ b/Lib/ldap/filter.py
|
|
@@ -24,6 +24,8 @@ def escape_filter_chars(assertion_value,escape_mode=0):
|
|
If 1 all NON-ASCII chars are escaped.
|
|
If 2 all chars are escaped.
|
|
"""
|
|
+ if not isinstance(assertion_value, str):
|
|
+ raise TypeError("assertion_value must be of type str.")
|
|
if escape_mode:
|
|
r = []
|
|
if escape_mode==1:
|
|
diff --git a/Tests/t_ldap_filter.py b/Tests/t_ldap_filter.py
|
|
index 313b373..5431205 100644
|
|
--- a/Tests/t_ldap_filter.py
|
|
+++ b/Tests/t_ldap_filter.py
|
|
@@ -49,6 +49,10 @@ class TestDN(unittest.TestCase):
|
|
),
|
|
r'\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f'
|
|
)
|
|
+ with self.assertRaises(TypeError):
|
|
+ escape_filter_chars(["abc@*()/xyz"], escape_mode=1)
|
|
+ with self.assertRaises(TypeError):
|
|
+ escape_filter_chars({"abc@*()/xyz": 1}, escape_mode=1)
|
|
|
|
def test_escape_filter_chars_mode2(self):
|
|
"""
|