Merge pull request #8225 from tk0miya/8175_intersphinx_redos

Fix #8175: intersphinx: Potential of regex denial of service by inventory
Takeshi KOMIYA 2020-09-29 01:58:07 +09:00 committed by GitHub
commit d8c006f1c0
2 changed files with 7 additions and 1 deletions

@ -35,6 +35,7 @@ Bugs fixed
* #8192: napoleon: description is disappeared when it contains inline literals
* #8172: napoleon: Potential of regex denial of service in google style docs
* #8169: LaTeX: pxjahyper loaded even when latex_engine is not platex
* #8175: intersphinx: Potential of regex denial of service by broken inventory
* #8093: The highlight warning has wrong location in some builders (LaTeX,
singlehtml and so on)
* #8239: Failed to refer a token in productionlist if it is indented

@ -122,11 +122,16 @@ class InventoryFile:
for line in stream.read_compressed_lines():
# be careful to handle names with embedded spaces correctly
m = re.match(r'(?x)(.+?)\s+(\S*:\S*)\s+(-?\d+)\s+?(\S*)\s+(.*)',
m = re.match(r'(?x)(.+?)\s+(\S+)\s+(-?\d+)\s+?(\S*)\s+(.*)',
line.rstrip())
if not m:
continue
name, type, prio, location, dispname = m.groups()
if ':' not in type:
# wrong type value. type should be in the form of "{domain}:{objtype}"
#
# Note: To avoid the regex DoS, this is implemented in python (refs: #8175)
continue
if type == 'py:module' and type in invdata and name in invdata[type]:
# due to a bug in 1.1 and below,
# two inventory entries are created
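
Review bot: no regression test accompanies the parser change in this hunk; the commit touches only two files, the changelog and this parser. A test that feeds `InventoryFile` a malformed line (for example a long type field with no `:`) and asserts that the entry is skipped would pin both the new `':' not in type` branch and the performance fix. The relaxed pattern also still opens with a lazy `(.+?)` followed by `\s+(\S+)\s+`, so a long line with no integer field can make the engine retry many split points before it fails; a timing check on such a line, or a length bound before `re.match`, would confirm the fix holds for that case too. Finally, the rejected entry is dropped silently, like the existing `if not m` branch, so a broken inventory gives the user no hint; consider logging the skipped line.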