[python3/f20] Fixed buffer overflow (upstream patch)
Tomas Radej
tradej at fedoraproject.org
Tue Feb 11 10:24:39 UTC 2014
commit b9079fb0c119c949bc2d36c9867b404e5699eb8f
Author: Tomas Radej <tradej at redhat.com>
Date: Mon Feb 10 14:42:12 2014 +0100
Fixed buffer overflow (upstream patch)
Resolves: rhbz#1062374
00192-buffer-overflow.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
python3.spec | 13 ++++++++++++-
2 files changed, 54 insertions(+), 1 deletions(-)
---
diff --git a/00192-buffer-overflow.patch b/00192-buffer-overflow.patch
new file mode 100644
index 0000000..73d3ece
--- /dev/null
+++ b/00192-buffer-overflow.patch
@@ -0,0 +1,42 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin at python.org>
+# Date 1389672775 18000
+# Node ID 7f176a45211ff3cb85a2fbdc75f7979d642bb563
+# Parent ed1c27b68068c942c6e845bdf8e987e963d50920# Parent 9c56217e5c793685eeaf0ee224848c402bdf1e4c
+merge 3.2 (#20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -4538,6 +4538,14 @@ class BufferIOTest(SocketConnectedTest):
+
+ _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+
++ def testRecvFromIntoSmallBuffer(self):
++ # See issue #20246.
++ buf = bytearray(8)
++ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++ def _testRecvFromIntoSmallBuffer(self):
++ self.serv_conn.send(MSG*2048)
++
+
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s
+ if (recvlen == 0) {
+ /* If nbytes was not specified, use the buffer's length */
+ recvlen = buflen;
++ } else if (recvlen > buflen) {
++ PyBuffer_Release(&pbuf);
++ PyErr_SetString(PyExc_ValueError,
++ "nbytes is greater than the length of the buffer");
++ return NULL;
+ }
+
+ readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
+
diff --git a/python3.spec b/python3.spec
index 31fd9b4..b24a883 100644
--- a/python3.spec
+++ b/python3.spec
@@ -126,7 +126,7 @@
Summary: Version 3 of the Python programming language aka Python 3000
Name: python3
Version: %{pybasever}.2
-Release: 8%{?dist}
+Release: 9%{?dist}
License: Python
Group: Development/Languages
@@ -629,6 +629,12 @@ Patch186: 00186-dont-raise-from-py_compile.patch
# See http://bugs.python.org/issue17997#msg194950 for more.
Patch187: 00187-change-match_hostname-to-follow-RFC-6125.patch
+# 00192 #
+#
+# Fixing buffer overflow (upstream patch)
+# rhbz#1062375
+Patch192: 00192-buffer-overflow.patch
+
# (New patches go here ^^^)
#
@@ -891,6 +897,7 @@ done
%patch185 -p1
%patch186 -p1
%patch187 -p1
+%patch192 -p1
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
# are many differences between 2.6 and the Python 3 library.
@@ -1739,6 +1746,10 @@ rm -fr %{buildroot}
# ======================================================
%changelog
+* Mon Feb 10 2014 Tomas Radej <tradej at redhat.com> - 3.3.2-9
+- Fixed buffer overflow (upstream patch)
+Resolves: rhbz#1062374
+
* Thu Nov 07 2013 Matej Stuchlik <mstuchli at redhat.com> - 3.3.2-8
- Changed behavior of ssl.match_hostname() to follow RFC 6125 (rhbz#1023742)
More information about the scm-commits
mailing list