[python/f20] Fixed buffer overflow (upstream patch)
Tomas Radej
tradej at fedoraproject.org
Tue Feb 11 10:19:59 UTC 2014
commit 11eeff2a21d7ffd655a8cf6bf1943ced444952e1
Author: Tomas Radej <tradej at redhat.com>
Date: Mon Feb 10 13:54:05 2014 +0100
Fixed buffer overflow (upstream patch)
Resolves: rhbz#1062375
00192-buffer-overflow.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
python.spec | 13 ++++++++++++-
2 files changed, 55 insertions(+), 1 deletions(-)
---
diff --git a/00192-buffer-overflow.patch b/00192-buffer-overflow.patch
new file mode 100644
index 0000000..164b462
--- /dev/null
+++ b/00192-buffer-overflow.patch
@@ -0,0 +1,43 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin at python.org>
+# Date 1389671978 18000
+# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
+# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):
+
+ _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+
++ def testRecvFromIntoSmallBuffer(self):
++ # See issue #20246.
++ buf = bytearray(8)
++ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++ def _testRecvFromIntoSmallBuffer(self):
++ with test_support.check_py3k_warnings():
++ buf = buffer(MSG*2048)
++ self.serv_conn.send(buf)
++
+
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
+ if (recvlen == 0) {
+ /* If nbytes was not specified, use the buffer's length */
+ recvlen = buflen;
++ } else if (recvlen > buflen) {
++ PyErr_SetString(PyExc_ValueError,
++ "nbytes is greater than the length of the buffer");
++ goto error;
+ }
+
+ readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+
diff --git a/python.spec b/python.spec
index 41bb29d..1c33fb0 100644
--- a/python.spec
+++ b/python.spec
@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language
Name: %{python}
# Remember to also rebase python-docs when changing this:
Version: 2.7.5
-Release: 9%{?dist}
+Release: 10%{?dist}
License: Python
Group: Development/Languages
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -859,6 +859,12 @@ Patch189: 00189-gdb-py-bt-dont-raise-exception-from-eval.patch
# rhbz#1029082
Patch190: 00190-get_python_version.patch
+# 00192 #
+#
+# Fixing buffer overflow (upstream patch)
+# rhbz#1062375
+Patch192: 00192-buffer-overflow.patch
+
# (New patches go here ^^^)
#
# When adding new patches to "python" and "python3" in Fedora 17 onwards,
@@ -1210,6 +1216,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
%patch188 -p1
%patch189 -p1
%patch190 -p1
+%patch192 -p1
# This shouldn't be necesarry, but is right now (2.2a3)
@@ -2039,6 +2046,10 @@ rm -fr %{buildroot}
# ======================================================
%changelog
+* Mon Feb 10 2014 Tomas Radej <tradej at redhat.com> - 2.7.5-10
+- Fixed buffer overflow (upstream patch)
+Resolves: rhbz#1062375
+
* Tue Nov 12 2013 Tomas Radej <tradej at redhat.com> - 2.7.5-9
- Import get_python_version in bdist_rpm
Resolves: rhbz#1029082
More information about the scm-commits
mailing list