[gentoo-commits] gentoo-x86 commit in dev-lang/python/files: python-3.2-CVE-2014-1912.patch

Tue, 29 Jul 2014 00:53:17 -0700 

pinkbyte    14/07/29 07:53:03

  Added:                python-3.2-CVE-2014-1912.patch
  Log:
  Revision bump: backport patch for CVE-2014-1912, bug #500518. Drop old 
revision. Acked by Python team
  
  (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 
0x1F357D42)

Revision  Changes    Path
1.1                  dev-lang/python/files/python-3.2-CVE-2014-1912.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-1912.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-1912.patch?rev=1.1&content-type=text/plain

Index: python-3.2-CVE-2014-1912.patch
===================================================================
# HG changeset patch
# User Benjamin Peterson <benja...@python.org>
# Date 1389671978 18000
# Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c
# Parent  2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)

diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
@@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest):
 
     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
 
+    def testRecvFromIntoSmallBuffer(self):
+        # See issue #20246.
+        buf = bytearray(8)
+        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+    def _testRecvFromIntoSmallBuffer(self):
+        self.serv_conn.send(MSG*2048)
+
 
 TIPC_STYPE = 2000
 TIPC_LOWER = 200
diff --git a/Misc/ACKS b/Misc/ACKS
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1020,6 +1020,7 @@ Eric V. Smith
 Christopher Smith
 Gregory P. Smith
 Roy Smith
+Ryan Smith-Roberts
 Rafal Smotrzyk
 Dirk Soede
 Paul Sokolovsky
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s
     if (recvlen == 0) {
         /* If nbytes was not specified, use the buffer's length */
         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyBuffer_Release(&pbuf);
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        return NULL;
     }
 
     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);

Reply via email to