Patch python27 for CVE-2014-1912.
This commit is contained in:
James Cook
Domen Kožar
parent
a3155a0e2a
commit
324ade4658
57
pkgs/development/interpreters/python/2.7/CVE-2014-1912.patch
Normal file
57
pkgs/development/interpreters/python/2.7/CVE-2014-1912.patch
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
# Edited from Mercurial patch: deleted the NEWS hunk, since it didn't apply cleanly.
|
||||||
|
# It added the following line to NEWS:
|
||||||
|
# - Issue #20246: Fix buffer overflow in socket.recvfrom_into.
|
||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Benjamin Peterson <benjamin@python.org>
|
||||||
|
# Date 1389671978 18000
|
||||||
|
# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
|
||||||
|
# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8
|
||||||
|
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
|
||||||
|
|
||||||
|
diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
|
||||||
|
--- a/Lib/test/test_socket.py
|
||||||
|
+++ b/Lib/test/test_socket.py
|
||||||
|
@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):
|
||||||
|
|
||||||
|
_testRecvFromIntoMemoryview = _testRecvFromIntoArray
|
||||||
|
|
||||||
|
+ def testRecvFromIntoSmallBuffer(self):
|
||||||
|
+ # See issue #20246.
|
||||||
|
+ buf = bytearray(8)
|
||||||
|
+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
|
||||||
|
+
|
||||||
|
+ def _testRecvFromIntoSmallBuffer(self):
|
||||||
|
+ with test_support.check_py3k_warnings():
|
||||||
|
+ buf = buffer(MSG*2048)
|
||||||
|
+ self.serv_conn.send(buf)
|
||||||
|
+
|
||||||
|
|
||||||
|
TIPC_STYPE = 2000
|
||||||
|
TIPC_LOWER = 200
|
||||||
|
diff --git a/Misc/ACKS b/Misc/ACKS
|
||||||
|
--- a/Misc/ACKS
|
||||||
|
+++ b/Misc/ACKS
|
||||||
|
@@ -979,6 +979,7 @@ Eric V. Smith
|
||||||
|
Christopher Smith
|
||||||
|
Gregory P. Smith
|
||||||
|
Roy Smith
|
||||||
|
+Ryan Smith-Roberts
|
||||||
|
Rafal Smotrzyk
|
||||||
|
Dirk Soede
|
||||||
|
Paul Sokolovsky
|
||||||
|
diff --git a/Misc/NEWS b/Misc/NEWS
|
||||||
|
--- a/Modules/socketmodule.c
|
||||||
|
+++ b/Modules/socketmodule.c
|
||||||
|
@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
|
||||||
|
if (recvlen == 0) {
|
||||||
|
/* If nbytes was not specified, use the buffer's length */
|
||||||
|
recvlen = buflen;
|
||||||
|
+ } else if (recvlen > buflen) {
|
||||||
|
+ PyErr_SetString(PyExc_ValueError,
|
||||||
|
+ "nbytes is greater than the length of the buffer");
|
||||||
|
+ goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
|
||||||
|
|
||||||
@ -28,6 +28,10 @@ let
|
|||||||
# patch python to put zero timestamp into pyc
|
# patch python to put zero timestamp into pyc
|
||||||
# if DETERMINISTIC_BUILD env var is set
|
# if DETERMINISTIC_BUILD env var is set
|
||||||
./deterministic-build.patch
|
./deterministic-build.patch
|
||||||
|
|
||||||
|
# See http://bugs.python.org/issue20246
|
||||||
|
# This will be fixed in 2.7.7.
|
||||||
|
./CVE-2014-1912.patch
|
||||||
];
|
];
|
||||||
|
|
||||||
postPatch = stdenv.lib.optionalString (stdenv.gcc.libc != null) ''
|
postPatch = stdenv.lib.optionalString (stdenv.gcc.libc != null) ''
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user