Diffstat (limited to 'dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch')
-rw-r--r--dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch14
1 files changed, 14 insertions, 0 deletions
diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
new file mode 100644
index 000000000000..e745263d236d
--- /dev/null
+++ b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
@@ -0,0 +1,14 @@
+diff -Naur pysaml2/src/saml2/authn.py pysaml2.new/src/saml2/authn.py
+--- 1/src/saml2/authn.py 2018-01-11 17:23:27.198775074 -0600
++++ 2/src/saml2/authn.py 2018-01-11 17:22:57.909567278 -0600
+@@ -147,7 +147,8 @@
+ return resp
+
+ def _verify(self, pwd, user):
+- assert is_equal(pwd, self.passwd[user])
++ if not is_equal(pwd, self.passwd[user]):
++ raise ValueError("Wrong password")
+
+ def verify(self, request, **kwargs):
+ """
+
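Review bot: The caller's exception handling is not updated alongside `_verify`: the embedded patch has a single hunk that makes `_verify` raise ValueError instead of AssertionError, so a handler still written for AssertionError would stop turning a wrong password into a rejected login. `verify()` begins on the last lines of the hunk and its body is not visible here; if it wraps the call in something like `except (AssertionError, KeyError):`, that should become `except (ValueError, KeyError):` in the same patch. Otherwise the ValueError propagates as an unhandled error, which still fails closed but surfaces as a server error rather than an unauthorized response. A short comment above the new check, e.g. `# explicit check, not assert: asserts are removed when Python runs with -O`, would keep the reason for the change visible to later maintainers.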