[python/f20] Fixed buffer overflow (upstream patch)

[Tomas Radej]

commit 11eeff2a21d7ffd655a8cf6bf1943ced444952e1
Author: Tomas Radej <tradej at redhat.com>
Date:   Mon Feb 10 13:54:05 2014 +0100

    Fixed buffer overflow (upstream patch)
    
    Resolves: rhbz#1062375

 00192-buffer-overflow.patch |   43 +++++++++++++++++++++++++++++++++++++++++++
 python.spec                 |   13 ++++++++++++-
 2 files changed, 55 insertions(+), 1 deletions(-)
---
diff --git a/00192-buffer-overflow.patch b/00192-buffer-overflow.patch
new file mode 100644
index 0000000..164b462
--- /dev/null
+++ b/00192-buffer-overflow.patch
@@ -0,0 +1,43 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin at python.org>
+# Date 1389671978 18000
+# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
+# Parent  2631d33ee7fbd5f0288931ef37872218d511d2e8
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
++    def testRecvFromIntoSmallBuffer(self):
++        # See issue #20246.
++        buf = bytearray(8)
++        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++    def _testRecvFromIntoSmallBuffer(self):
++        with test_support.check_py3k_warnings():
++            buf = buffer(MSG*2048)
++        self.serv_conn.send(buf)
++
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
++    } else if (recvlen > buflen) {
++        PyErr_SetString(PyExc_ValueError,
++                        "nbytes is greater than the length of the buffer");
++        goto error;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+
diff --git a/python.spec b/python.spec
index 41bb29d..1c33fb0 100644
--- a/python.spec
+++ b/python.spec
@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language
 Name: %{python}
 # Remember to also rebase python-docs when changing this:
 Version: 2.7.5
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: Python
 Group: Development/Languages
 Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -859,6 +859,12 @@ Patch189: 00189-gdb-py-bt-dont-raise-exception-from-eval.patch
 # rhbz#1029082
 Patch190: 00190-get_python_version.patch
 
+# 00192 #
+#
+# Fixing buffer overflow (upstream patch)
+# rhbz#1062375
+Patch192: 00192-buffer-overflow.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora 17 onwards,
@@ -1210,6 +1216,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
 %patch188 -p1
 %patch189 -p1
 %patch190 -p1
+%patch192 -p1
 
 
 # This shouldn't be necesarry, but is right now (2.2a3)
@@ -2039,6 +2046,10 @@ rm -fr %{buildroot}
 # ======================================================
 
 %changelog
+* Mon Feb 10 2014 Tomas Radej <tradej at redhat.com> - 2.7.5-10
+- Fixed buffer overflow (upstream patch)
+Resolves: rhbz#1062375
+
 * Tue Nov 12 2013 Tomas Radej <tradej at redhat.com> - 2.7.5-9
 - Import get_python_version in bdist_rpm
 Resolves: rhbz#1029082