Fix JSON reading arbitrary process memory (rhbz#1112293)
This commit is contained in:
Matej Stuchlik
parent
ed4ad2518b
commit
0b48f428a3
|
|
@ -0,0 +1,37 @@
|
|||
|
||||
# HG changeset patch
|
||||
# User Benjamin Peterson <benjamin@python.org>
|
||||
# Date 1397442496 14400
|
||||
# Node ID 4f15bd1ab28fe25c2e381ab05b11b60ce42fe613
|
||||
# Parent b49d990aaa9d708a8c3174f6d51b8e069040ffe4# Parent 8130b8c066062bc589d337aebd3da4b156ee7f45
|
||||
merge 3.2
|
||||
|
||||
diff --git a/Lib/test/test_json/test_decode.py b/Lib/test/test_json/test_decode.py
|
||||
--- a/Lib/test/json_tests/test_decode.py
|
||||
+++ b/Lib/test/json_tests/test_decode.py
|
||||
@@ -70,5 +70,9 @@ class TestDecode:
|
||||
msg = 'escape'
|
||||
self.assertRaisesRegex(ValueError, msg, self.loads, s)
|
||||
|
||||
+ def test_negative_index(self):
|
||||
+ d = self.json.JSONDecoder()
|
||||
+ self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)
|
||||
+
|
||||
class TestPyDecode(TestDecode, PyTest): pass
|
||||
class TestCDecode(TestDecode, CTest): pass
|
||||
diff --git a/Modules/_json.c b/Modules/_json.c
|
||||
--- a/Modules/_json.c
|
||||
+++ b/Modules/_json.c
|
||||
@@ -975,7 +975,10 @@ scan_once_unicode(PyScannerObject *s, Py
|
||||
kind = PyUnicode_KIND(pystr);
|
||||
length = PyUnicode_GET_LENGTH(pystr);
|
||||
|
||||
- if (idx >= length) {
|
||||
+ if (idx < 0)
|
||||
+ /* Compatibility with Python version. */
|
||||
+ idx += length;
|
||||
+ if (idx < 0 || idx >= length) {
|
||||
PyErr_SetNone(PyExc_StopIteration);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
13
python3.spec
13
python3.spec
|
|
@ -126,7 +126,7 @@
|
|||
Summary: Version 3 of the Python programming language aka Python 3000
|
||||
Name: python3
|
||||
Version: %{pybasever}.2
|
||||
Release: 15%{?dist}
|
||||
Release: 16%{?dist}
|
||||
License: Python
|
||||
Group: Development/Languages
|
||||
|
||||
|
|
@ -649,6 +649,12 @@ Patch192: 00192-buffer-overflow.patch
|
|||
# http://bugs.python.org/issue20778
|
||||
Patch193: 00193-skip-correct-num-of-pycfile-bytes-in-modulefinder.patch
|
||||
|
||||
# 00194
|
||||
#
|
||||
# JSON module could read arbitrary process memory
|
||||
# rhbz#1112293
|
||||
Patch194: 00194-json-add-boundary-check.patch
|
||||
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
|
|
@ -915,6 +921,7 @@ done
|
|||
%patch190 -p1
|
||||
%patch192 -p1
|
||||
%patch193 -p1
|
||||
%patch194 -p1
|
||||
|
||||
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
|
||||
# are many differences between 2.6 and the Python 3 library.
|
||||
|
|
@ -1773,6 +1780,10 @@ rm -fr %{buildroot}
|
|||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Mon Jun 30 2014 Matej Stuchlik <mstuchli@redhat.com> - 3.3.2-16
|
||||
- JSON module could read arbitrary process memory
|
||||
Resolves: rhbz#1112293
|
||||
|
||||
* Fri May 30 2014 Miro Hrončok <mhroncok@redhat.com> - 3.3.2-15
|
||||
- In config script, use uname -m to write the arch
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue