[python] Fixed buffer overflow (upstream patch)
Tomas Radej
tradej at fedoraproject.org
Tue Feb 11 10:19:39 UTC 2014
commit 645b355bed7767ffeebb9e8769529c5a70ea2a95
Author: Tomas Radej <tradej at redhat.com>
Date: Mon Feb 10 13:54:05 2014 +0100
Fixed buffer overflow (upstream patch)
Resolves: rhbz#1062375
00192-buffer-overflow.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
python.spec | 14 +++++++++++++-
2 files changed, 56 insertions(+), 1 deletions(-)
---
diff --git a/00192-buffer-overflow.patch b/00192-buffer-overflow.patch
new file mode 100644
index 0000000..164b462
--- /dev/null
+++ b/00192-buffer-overflow.patch
@@ -0,0 +1,43 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin at python.org>
+# Date 1389671978 18000
+# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
+# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):
+
+ _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+
++ def testRecvFromIntoSmallBuffer(self):
++ # See issue #20246.
++ buf = bytearray(8)
++ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++ def _testRecvFromIntoSmallBuffer(self):
++ with test_support.check_py3k_warnings():
++ buf = buffer(MSG*2048)
++ self.serv_conn.send(buf)
++
+
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
+ if (recvlen == 0) {
+ /* If nbytes was not specified, use the buffer's length */
+ recvlen = buflen;
++ } else if (recvlen > buflen) {
++ PyErr_SetString(PyExc_ValueError,
++ "nbytes is greater than the length of the buffer");
++ goto error;
+ }
+
+ readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+
diff --git a/python.spec b/python.spec
index 670b968..989a5c3 100644
--- a/python.spec
+++ b/python.spec
@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language
Name: %{python}
# Remember to also rebase python-docs when changing this:
Version: 2.7.6
-Release: 2%{?dist}
+Release: 3%{?dist}
License: Python
Group: Development/Languages
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -853,6 +853,13 @@ Patch190: 00190-get_python_version.patch
# Disabling NOOP test as it fails without internet connection
Patch191: 00191-disable-NOOP.patch
+# 00192 #
+#
+# Fixing buffer overflow (upstream patch)
+# rhbz#1062375
+Patch192: 00192-buffer-overflow.patch
+
+
# (New patches go here ^^^)
#
# When adding new patches to "python" and "python3" in Fedora 17 onwards,
@@ -1203,6 +1210,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
%patch189 -p1
%patch190 -p1
%patch191 -p1
+%patch192 -p1
# This shouldn't be necesarry, but is right now (2.2a3)
@@ -2037,6 +2045,10 @@ rm -fr %{buildroot}
# ======================================================
%changelog
+* Mon Feb 10 2014 Tomas Radej <tradej at redhat.com> - 2.7.6-3
+- Fixed buffer overflow (upstream patch)
+Resolves: rhbz#1062375
+
* Tue Feb 04 2014 Bohuslav Kabrda <bkabrda at redhat.com> - 2.7.6-2
- Install macros in _rpmconfigdir.
More information about the scm-commits
mailing list