From 21cb9c24f00f78862920a58e1936a4ee1e1eeba5 Mon Sep 17 00:00:00 2001
From: James Cook <james.cook@utoronto.ca>
Date: Sat, 12 Apr 2014 15:49:02 -0700
Subject: [PATCH] Patch python32 for CVE-2014-1912.

---
 .../python/3.2/CVE-2014-1912.patch            | 57 +++++++++++++++++++
 .../interpreters/python/3.2/default.nix       |  6 ++
 2 files changed, 63 insertions(+)
 create mode 100644 pkgs/development/interpreters/python/3.2/CVE-2014-1912.patch

diff --git a/pkgs/development/interpreters/python/3.2/CVE-2014-1912.patch b/pkgs/development/interpreters/python/3.2/CVE-2014-1912.patch
new file mode 100644
index 00000000000..c69efd17f96
--- /dev/null
+++ b/pkgs/development/interpreters/python/3.2/CVE-2014-1912.patch
@@ -0,0 +1,57 @@
+# Edited from Mercurial patch: deleted the NEWS hunk, since it didn't apply cleanly.
+# It added the following line to NEWS:
+# - Issue #20246: Fix buffer overflow in socket.recvfrom_into.
+
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1389671978 18000
+# Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c
+# Parent  2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
++    def testRecvFromIntoSmallBuffer(self):
++        # See issue #20246.
++        buf = bytearray(8)
++        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++    def _testRecvFromIntoSmallBuffer(self):
++        self.serv_conn.send(MSG*2048)
++
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Misc/ACKS b/Misc/ACKS
+--- a/Misc/ACKS
++++ b/Misc/ACKS
+@@ -1020,6 +1020,7 @@ Eric V. Smith
+ Christopher Smith
+ Gregory P. Smith
+ Roy Smith
++Ryan Smith-Roberts
+ Rafal Smotrzyk
+ Dirk Soede
+ Paul Sokolovsky
+diff --git a/Misc/NEWS b/Misc/NEWS
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
++    } else if (recvlen > buflen) {
++        PyBuffer_Release(&pbuf);
++        PyErr_SetString(PyExc_ValueError,
++                        "nbytes is greater than the length of the buffer");
++        return NULL;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
+
diff --git a/pkgs/development/interpreters/python/3.2/default.nix b/pkgs/development/interpreters/python/3.2/default.nix
index 03f2d392bd1..c103b0f59cd 100644
--- a/pkgs/development/interpreters/python/3.2/default.nix
+++ b/pkgs/development/interpreters/python/3.2/default.nix
@@ -32,6 +32,12 @@ stdenv.mkDerivation {
     sha256 = "0pxs234g08v3lar09lvzxw4vqdpwkbqmvkv894j2w7aklskcjd6v";
   };
 
+  patches =
+    [
+      # See http://bugs.python.org/issue20246
+      ./CVE-2014-1912.patch
+    ];
+
   NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isLinux "-lgcc_s";
 
   preConfigure = ''