pinkbyte 14/07/29 07:19:13 |
|
Added: python-3.2-CVE-2014-4616.patch |
python-3.3-CVE-2014-4616.patch |
Log: |
Revision bump: add patch for CVE-2014-4616, bug #514686. Drop old revisions. Acked by Python team |
|
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x1F357D42) |
|
Revision Changes Path |
1.1 dev-lang/python/files/python-3.2-CVE-2014-4616.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-4616.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-4616.patch?rev=1.1&content-type=text/plain |
|
Index: python-3.2-CVE-2014-4616.patch |
=================================================================== |
# HG changeset patch |
# User Benjamin Peterson <benjamin@××××××.org> |
# Date 1397441438 14400 |
# Node ID 50c07ed1743da9cd4540d83de0c30bd17aeb41b0 |
# Parent 218e28a935ab4494d05215c243e2129625a71893 |
in scan_once, prevent the reading of arbitrary memory when passed a negative index |
|
Bug reported by Guido Vranken. |
|
Index: Python-3.2.5/Lib/json/tests/test_decode.py |
=================================================================== |
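--- Python-3.2.5.orig/Lib/test/json_tests/test_decode.py 2014-06-26 18:40:10.825269130 +0200
+++ Python-3.2.5/Lib/test/json_tests/test_decode.py 2014-06-26 18:40:21.962323035 +0200
@@ -60,5 +60,9 @@
 msg = 'escape'
 self.assertRaisesRegexp(ValueError, msg, self.loads, s)
 
+ def test_negative_index(self):
+ d = self.json.JSONDecoder()
+ self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)
+
 class TestPyDecode(TestDecode, PyTest): pass
 class TestCDecode(TestDecode, CTest): pass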
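Review bot: `test_negative_index` only exercises an index far below the string length (`-50000` against 42 characters), so the boundary that the new C check introduces is never pinned. Adding `self.assertRaises(ValueError, d.raw_decode, 'a'*42, -43)` would cover the first index that is still negative after the wrap-around, which is the case most likely to regress if the guard is edited later. The ValueError presumably comes from raw_decode translating the scanner's StopIteration, which is not visible in this hunk. The same gap exists in the 3.3 copy of this test, and the enclosing TestDecode class starts outside the hunk.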
Index: Python-3.2.5/Modules/_json.c |
=================================================================== |
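--- a/Modules/_json.c
+++ b/Modules/_json.c
@@ -930,7 +930,10 @@ scan_once_unicode(PyScannerObject *s, Py
 PyObject *res;
 Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
 Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
- if (idx >= length) {
+ if (idx < 0)
+ /* Compatibility with Python version. */
+ idx += length;
+ if (idx < 0 || idx >= length) {
 PyErr_SetNone(PyExc_StopIteration);
 return NULL;
 }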
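Review bot: The comment `/* Compatibility with Python version. */` sits between an unbraced `if (idx < 0)` and the statement it guards, and it does not say that the following `idx < 0 || idx >= length` test is the bounds check that keeps a caller-supplied index from reading outside the string buffer. I would brace the adjustment as `if (idx < 0) { idx += length; }` and put a fuller comment above it, for example `/* Wrap a negative idx from the end of the string, as the pure-Python scanner presumably does; anything still out of range is rejected below. */`. The same applies to the identical hunk at `@@ -975,7 +975,10 @@` in the 3.3 patch. scan_once_unicode starts and ends outside the hunk, so later uses of idx in the function cannot be checked from here.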
|
|
|
1.1 dev-lang/python/files/python-3.3-CVE-2014-4616.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.3-CVE-2014-4616.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.3-CVE-2014-4616.patch?rev=1.1&content-type=text/plain |
|
Index: python-3.3-CVE-2014-4616.patch |
=================================================================== |
# HG changeset patch |
# User Benjamin Peterson <benjamin@××××××.org> |
# Date 1397441438 14400 |
# Node ID 50c07ed1743da9cd4540d83de0c30bd17aeb41b0 |
# Parent 218e28a935ab4494d05215c243e2129625a71893 |
in scan_once, prevent the reading of arbitrary memory when passed a negative index |
|
Bug reported by Guido Vranken. |
|
Index: Python-3.3.5/Lib/json/tests/test_decode.py |
=================================================================== |
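--- Python-3.3.5.orig/Lib/test/test_json/test_decode.py 2014-06-26 18:40:10.825269130 +0200
+++ Python-3.3.5/Lib/test/test_json/test_decode.py 2014-06-26 18:40:21.962323035 +0200
@@ -60,5 +60,10 @@
 msg = 'escape'
 self.assertRaisesRegexp(ValueError, msg, self.loads, s)
 
+ def test_negative_index(self):
+ d = self.json.JSONDecoder()
+ self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)
+ self.assertRaises(ValueError, d.raw_decode, u'a'*42, -50000)
+
 class TestPyDecode(TestDecode, PyTest): pass
 class TestCDecode(TestDecode, CTest): pass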
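Review bot: The second assertion, `self.assertRaises(ValueError, d.raw_decode, u'a'*42, -50000)`, repeats the first one on Python 3.3, where `'a'` and `u'a'` are the same `str` type, so it adds no coverage of the patched scanner. It looks carried over from a Python 2 variant of the patch, although that is inferred rather than shown here. I would replace it with a case that exercises a different path through the new check, such as `self.assertRaises(ValueError, d.raw_decode, 'a'*42, -43)`. The enclosing TestDecode class starts outside the hunk.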
Index: Python-3.3.5/Misc/ACKS |
=================================================================== |
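--- Python-3.3.5.orig/Misc/ACKS 2014-06-26 18:40:10.826269135 +0200
+++ Python-3.3.5/Misc/ACKS 2014-06-26 18:40:21.962323035 +0200
@@ -1085,6 +1085,7 @@
 Frank Visser
 Johannes Vogel
 Alex Volkov
+Guido Vranken
 Martijn Vries
 Niki W. Waibel
 Wojtek Walczak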
Index: Python-3.3.5/Modules/_json.c |
=================================================================== |
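--- a/Modules/_json.c
+++ b/Modules/_json.c
@@ -975,7 +975,10 @@ scan_once_unicode(PyScannerObject *s, Py
 kind = PyUnicode_KIND(pystr);
 length = PyUnicode_GET_LENGTH(pystr);
 
- if (idx >= length) {
+ if (idx < 0)
+ /* Compatibility with Python version. */
+ idx += length;
+ if (idx < 0 || idx >= length) {
 PyErr_SetNone(PyExc_StopIteration);
 return NULL;
 }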