mirror of
https://github.com/motioneye-project/motioneyeos.git
synced 2025-04-24 07:17:17 +00:00

Fixes CVE-2020-7212 (1.25.2 - 1.25.7)

The _encode_invalid_chars function does not remove duplicate percent encodings in the _percent_encodings array, which combined with the normalization step could take O(N^2) time to compute for a URL of length N. This results in a marginally higher CPU consumption compared to the potential linear time achieved by deduplicating the _percent_encodings array.

CC: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fc57db8401b806494ceeb20e4c91d2be8a8456eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
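The cost difference described in the commit message, as an added sketch that is not the patched package's own code: it counts whole-string scans for a normalization loop that keeps duplicate matches versus one that deduplicates them first, and shows a single-pass substitution as an alternative. All function names and the sample path are constructed for illustration.

```python
import re

# One percent-encoded byte, any hex case (e.g. %3a or %3A).
PERCENT_RE = re.compile(r"%[0-9A-Fa-f]{2}")


def normalize_with_duplicates(component):
    """One whole-string replace per match found: O(N) matches x O(N) scan."""
    scans = 0
    for enc in PERCENT_RE.findall(component):  # duplicates are kept
        if enc != enc.upper():
            component = component.replace(enc, enc.upper())
            scans += 1
    return component, scans


def normalize_deduplicated(component):
    """Same loop over distinct encodings only; the scan count is bounded
    by the number of distinct %XX spellings, not by the input length."""
    scans = 0
    for enc in set(PERCENT_RE.findall(component)):
        if enc != enc.upper():
            component = component.replace(enc, enc.upper())
            scans += 1
    return component, scans


def normalize_single_pass(component):
    """Alternative: uppercase every match during one regex substitution."""
    return PERCENT_RE.sub(lambda m: m.group(0).upper(), component)


# Constructed sample path: the same lowercase encoding repeated many times.
SAMPLE = "/a" + "%3a" * 200 + "%2f"

if __name__ == "__main__":
    for fn in (normalize_with_duplicates, normalize_deduplicated):
        out, scans = fn(SAMPLE)
        print(f"{fn.__name__}: {scans} whole-string scans")
```

A URL parser that accepts untrusted input can be regression-tested the same way: assert that the scan count (or wall-clock time) for a long run of repeated encodings stays flat as the input grows.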