[python3/f20] Fixed buffer overflow (upstream patch)

Tomas Radej tradej at fedoraproject.org
Tue Feb 11 10:24:39 UTC 2014 

commit b9079fb0c119c949bc2d36c9867b404e5699eb8f
Author: Tomas Radej <tradej at redhat.com>
Date:   Mon Feb 10 14:42:12 2014 +0100

    Fixed buffer overflow (upstream patch)
    
    Resolves: rhbz#1062374

 00192-buffer-overflow.patch |   42 ++++++++++++++++++++++++++++++++++++++++++
 python3.spec                |   13 ++++++++++++-
 2 files changed, 54 insertions(+), 1 deletions(-)
---
diff --git a/00192-buffer-overflow.patch b/00192-buffer-overflow.patch
new file mode 100644
index 0000000..73d3ece
--- /dev/null
+++ b/00192-buffer-overflow.patch
@@ -0,0 +1,42 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin at python.org>
+# Date 1389672775 18000
+# Node ID 7f176a45211ff3cb85a2fbdc75f7979d642bb563
+# Parent  ed1c27b68068c942c6e845bdf8e987e963d50920# Parent  9c56217e5c793685eeaf0ee224848c402bdf1e4c
+merge 3.2 (#20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -4538,6 +4538,14 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
++    def testRecvFromIntoSmallBuffer(self):
++        # See issue #20246.
++        buf = bytearray(8)
++        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++    def _testRecvFromIntoSmallBuffer(self):
++        self.serv_conn.send(MSG*2048)
++
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
++    } else if (recvlen > buflen) {
++        PyBuffer_Release(&pbuf);
++        PyErr_SetString(PyExc_ValueError,
++                        "nbytes is greater than the length of the buffer");
++        return NULL;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
+
diff --git a/python3.spec b/python3.spec
index 31fd9b4..b24a883 100644
--- a/python3.spec
+++ b/python3.spec
@@ -126,7 +126,7 @@
 Summary: Version 3 of the Python programming language aka Python 3000
 Name: python3
 Version: %{pybasever}.2
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: Python
 Group: Development/Languages
 
@@ -629,6 +629,12 @@ Patch186: 00186-dont-raise-from-py_compile.patch
 # See http://bugs.python.org/issue17997#msg194950 for more.
 Patch187: 00187-change-match_hostname-to-follow-RFC-6125.patch
 
+# 00192 #
+#
+# Fixing buffer overflow (upstream patch)
+# rhbz#1062375
+Patch192: 00192-buffer-overflow.patch
+
 
 # (New patches go here ^^^)
 #
@@ -891,6 +897,7 @@ done
 %patch185 -p1
 %patch186 -p1
 %patch187 -p1
+%patch192 -p1
 
 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
 # are many differences between 2.6 and the Python 3 library.
@@ -1739,6 +1746,10 @@ rm -fr %{buildroot}
 # ======================================================
 
 %changelog
+* Mon Feb 10 2014 Tomas Radej <tradej at redhat.com> - 3.3.2-9
+- Fixed buffer overflow (upstream patch)
+Resolves: rhbz#1062374
+
 * Thu Nov 07 2013 Matej Stuchlik <mstuchli at redhat.com> - 3.3.2-8
 - Changed behavior of ssl.match_hostname() to follow RFC 6125 (rhbz#1023742)

More information about the scm-commits mailing list