From bd78edd2b80cebf55f97e435f67256285901451a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E7=9B=B8=E5=AE=87?=
 <14222378+sunxiangyu0120@user.noreply.gitee.com>
Date: Fri, 21 Nov 2025 13:58:27 +0800
Subject: [PATCH] Fix CVE-2022-45061: Limit IDNA label length to 63 chars

---
 Lib/encodings/idna.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Lib/encodings/idna.py b/Lib/encodings/idna.py
index bf98f51..a2ceb8b 100644
--- a/Lib/encodings/idna.py
+++ b/Lib/encodings/idna.py
@@ -12,6 +12,9 @@ sace_prefix = "xn--"
 
 # This assumes query strings, so AllowUnassigned is true
 def nameprep(label):
+    # Fix CVE-2022-45061: Prevent quadratic complexity DoS by limiting label length
+    if len(label) > 63:
+        raise UnicodeError("label too long")
     # Map
     newlabel = []
     for c in label:
-- 
Gitee