[python] Fixed buffer overflow (upstream patch)

[Tomas Radej]

commit 645b355bed7767ffeebb9e8769529c5a70ea2a95
Author: Tomas Radej <tradej at redhat.com>
Date:   Mon Feb 10 13:54:05 2014 +0100

    Fixed buffer overflow (upstream patch)
    
    Resolves: rhbz#1062375

 00192-buffer-overflow.patch |   43 +++++++++++++++++++++++++++++++++++++++++++
 python.spec                 |   14 +++++++++++++-
 2 files changed, 56 insertions(+), 1 deletions(-)
---
diff --git a/00192-buffer-overflow.patch b/00192-buffer-overflow.patch
new file mode 100644
index 0000000..164b462
--- /dev/null
+++ b/00192-buffer-overflow.patch
@@ -0,0 +1,43 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin at python.org>
+# Date 1389671978 18000
+# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
+# Parent  2631d33ee7fbd5f0288931ef37872218d511d2e8
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
++    def testRecvFromIntoSmallBuffer(self):
++        # See issue #20246.
++        buf = bytearray(8)
++        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++    def _testRecvFromIntoSmallBuffer(self):
++        with test_support.check_py3k_warnings():
++            buf = buffer(MSG*2048)
++        self.serv_conn.send(buf)
++
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
++    } else if (recvlen > buflen) {
++        PyErr_SetString(PyExc_ValueError,
++                        "nbytes is greater than the length of the buffer");
++        goto error;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+
diff --git a/python.spec b/python.spec
index 670b968..989a5c3 100644
--- a/python.spec
+++ b/python.spec
@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language
 Name: %{python}
 # Remember to also rebase python-docs when changing this:
 Version: 2.7.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Python
 Group: Development/Languages
 Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -853,6 +853,13 @@ Patch190: 00190-get_python_version.patch
 # Disabling NOOP test as it fails without internet connection
 Patch191: 00191-disable-NOOP.patch
 
+# 00192 #
+#
+# Fixing buffer overflow (upstream patch)
+# rhbz#1062375
+Patch192: 00192-buffer-overflow.patch
+
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora 17 onwards,
@@ -1203,6 +1210,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
 %patch189 -p1
 %patch190 -p1
 %patch191 -p1
+%patch192 -p1
 
 
 # This shouldn't be necesarry, but is right now (2.2a3)
@@ -2037,6 +2045,10 @@ rm -fr %{buildroot}
 # ======================================================
 
 %changelog
+* Mon Feb 10 2014 Tomas Radej <tradej at redhat.com> - 2.7.6-3
+- Fixed buffer overflow (upstream patch)
+Resolves: rhbz#1062375
+
 * Tue Feb 04 2014 Bohuslav Kabrda <bkabrda at redhat.com> - 2.7.6-2
 - Install macros in _rpmconfigdir.