pinkbyte 14/07/29 07:53:03 |
|
Added: python-3.2-CVE-2014-1912.patch |
Log: |
Revision bump: backport patch for CVE-2014-1912, bug #500518. Drop old revision. Acked by Python team |
|
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x1F357D42) |
|
Revision Changes Path |
1.1 dev-lang/python/files/python-3.2-CVE-2014-1912.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-1912.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-1912.patch?rev=1.1&content-type=text/plain |
|
Index: python-3.2-CVE-2014-1912.patch |
=================================================================== |
# HG changeset patch |
# User Benjamin Peterson <benjamin@××××××.org> |
# Date 1389671978 18000 |
# Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c |
# Parent 2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6 |
complain when nbytes > buflen to fix possible buffer overflow (closes #20246) |
|
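--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
@@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest):
 
 _testRecvFromIntoMemoryview = _testRecvFromIntoArray
 
+ def testRecvFromIntoSmallBuffer(self):
+ # See issue #20246.
+ buf = bytearray(8)
+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+ def _testRecvFromIntoSmallBuffer(self):
+ self.serv_conn.send(MSG*2048)
+
 
 TIPC_STYPE = 2000
 TIPC_LOWER = 200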
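Review bot: testRecvFromIntoSmallBuffer only exercises nbytes=1024 against an 8-byte buffer, so it would still pass if the C-side comparison were off by one. A boundary assertion right after the existing one, `self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, len(buf) + 1)`, would pin the limit to the buffer length itself. The comment could also state the expectation rather than only the issue number, e.g. `# nbytes larger than the buffer must raise ValueError (issue #20246).` The enclosing BufferIOTest class starts outside the hunk, so whether an existing test already passes nbytes equal to len(buf) cannot be confirmed from here.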
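--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1020,6 +1020,7 @@ Eric V. Smith
 Christopher Smith
 Gregory P. Smith
 Roy Smith
+Ryan Smith-Roberts
 Rafal Smotrzyk
 Dirk Soede
 Paul Sokolovsky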
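--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s
 if (recvlen == 0) {
 /* If nbytes was not specified, use the buffer's length */
 recvlen = buflen;
+ } else if (recvlen > buflen) {
+ PyBuffer_Release(&pbuf);
+ PyErr_SetString(PyExc_ValueError,
+ "nbytes is greater than the length of the buffer");
+ return NULL;
 }
 
 readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);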
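Review bot: The new `else if (recvlen > buflen)` branch carries no comment explaining why the bound matters, although the branch next to it is commented. A line at the top of the branch such as `/* never ask recvfrom() for more bytes than the caller's buffer holds (issue #20246) */` would make it less likely that the check is relaxed later. Whether the comparison holds for every input depends on the declared types of `recvlen` and `buflen` and on how a negative nbytes is rejected, both of which lie outside the hunk, so that should be confirmed against the full sock_recvfrom_into body. It is also worth checking that the other *_into receive paths in this file enforce the same bound before handing the length to the OS call.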