Gentoo Archives: gentoo-commits

From: "Sergey Popov (pinkbyte)" <pinkbyte@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-lang/python/files: python-3.2-CVE-2014-1912.patch
Date: Tue, 29 Jul 2014 07:53:08
Message-Id: 20140729075303.818642004F@flycatcher.gentoo.org
1 pinkbyte 14/07/29 07:53:03
2
3 Added: python-3.2-CVE-2014-1912.patch
4 Log:
5 Revision bump: backport patch for CVE-2014-1912, bug #500518. Drop old revision. Acked by Python team
6
7 (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x1F357D42)
8
9 Revision Changes Path
10 1.1 dev-lang/python/files/python-3.2-CVE-2014-1912.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-1912.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-1912.patch?rev=1.1&content-type=text/plain
14
15 Index: python-3.2-CVE-2014-1912.patch
16 ===================================================================
17 # HG changeset patch
18 # User Benjamin Peterson <benjamin@××××××.org>
19 # Date 1389671978 18000
20 # Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c
21 # Parent 2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6
22 complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
23
24 diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
25 --- a/Lib/test/test_socket.py
26 +++ b/Lib/test/test_socket.py
27 @@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest):
28
29 _testRecvFromIntoMemoryview = _testRecvFromIntoArray
30
31 + def testRecvFromIntoSmallBuffer(self):
32 + # See issue #20246.
33 + buf = bytearray(8)
34 + self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
35 +
36 + def _testRecvFromIntoSmallBuffer(self):
37 + self.serv_conn.send(MSG*2048)
38 +
39
40 TIPC_STYPE = 2000
41 TIPC_LOWER = 200
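Review bot: testRecvFromIntoSmallBuffer only exercises the rejecting side of the new check (nbytes of 1024 against an 8-byte bytearray). Add a boundary case where nbytes equals len(buf) and assert that the call succeeds, so that an off-by-one in the comparison (>= written instead of >) would be caught. It would also help to assert that buf is still all zero bytes after the ValueError, which confirms nothing was written before the check fired.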
42 diff --git a/Misc/ACKS b/Misc/ACKS
43 --- a/Misc/ACKS
44 +++ b/Misc/ACKS
45 @@ -1020,6 +1020,7 @@ Eric V. Smith
46 Christopher Smith
47 Gregory P. Smith
48 Roy Smith
49 +Ryan Smith-Roberts
50 Rafal Smotrzyk
51 Dirk Soede
52 Paul Sokolovsky
53 diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
54 --- a/Modules/socketmodule.c
55 +++ b/Modules/socketmodule.c
56 @@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s
57 if (recvlen == 0) {
58 /* If nbytes was not specified, use the buffer's length */
59 recvlen = buflen;
60 + } else if (recvlen > buflen) {
61 + PyBuffer_Release(&pbuf);
62 + PyErr_SetString(PyExc_ValueError,
63 + "nbytes is greater than the length of the buffer");
64 + return NULL;
65 }
66
67 readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
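Review bot: the new "else if (recvlen > buflen)" branch is only as sound as the types of recvlen and buflen, whose declarations are outside this hunk. Please confirm both are the same signed type so the comparison is not subject to an implicit signed/unsigned conversion, and that a negative nbytes is rejected before this point, since a negative recvlen would pass this check and reach sock_recvfrom_guts. The error path is right to call PyBuffer_Release(&pbuf) before returning NULL.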