Fix for CVE-2017-1000158 (#1519604)
This commit is contained in:
parent
4e033a4931
commit
6827170b24
25
00286-pystring-decodeescape-integer-overflow.patch
Normal file
25
00286-pystring-decodeescape-integer-overflow.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001
|
||||
From: Jay Bosamiya <jaybosamiya@gmail.com>
|
||||
Date: Sun, 18 Jun 2017 22:11:03 +0530
|
||||
Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in
|
||||
PyString_DecodeEscape (#2174)
|
||||
|
||||
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
|
||||
index 77dd45e..9b29dc3 100644
|
||||
--- a/Objects/bytesobject.c
|
||||
+++ b/Objects/bytesobject.c
|
||||
@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,
|
||||
char *p, *buf;
|
||||
const char *end;
|
||||
PyObject *v;
|
||||
- Py_ssize_t newlen = recode_encoding ? 4*len:len;
|
||||
+ Py_ssize_t newlen;
|
||||
+ /* Check for integer overflow */
|
||||
+ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
|
||||
+ PyErr_SetString(PyExc_OverflowError, "string is too large");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ newlen = recode_encoding ? 4*len:len;
|
||||
v = PyBytes_FromStringAndSize((char *)NULL, newlen);
|
||||
if (v == NULL)
|
||||
return NULL;
|
13
python3.spec
13
python3.spec
@ -112,7 +112,7 @@
|
||||
Summary: Version 3 of the Python programming language aka Python 3000
|
||||
Name: python3
|
||||
Version: %{pybasever}.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: Python
|
||||
Group: Development/Languages
|
||||
|
||||
@ -394,6 +394,12 @@ Patch243: 00243-fix-mips64-triplet.patch
|
||||
# Fixed upstream: https://bugs.python.org/issue31532
|
||||
Patch279: 00279-fix-memory-corruption-due-to-allocator-mix.patch
|
||||
|
||||
# 00286 #
|
||||
# CVE-2017-1000158
|
||||
# Check & prevent integer overflow in PyString_DecodeEscape
|
||||
# Fixed upstream for Python 2 only: https://bugs.python.org/issue30657
|
||||
Patch286: 00286-pystring-decodeescape-integer-overflow.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||
@ -635,6 +641,7 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en
|
||||
%patch206 -p1
|
||||
%patch243 -p1
|
||||
%patch279 -p1
|
||||
%patch286 -p1
|
||||
|
||||
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
|
||||
# are many differences between 2.6 and the Python 3 library.
|
||||
@ -1538,6 +1545,10 @@ rm -fr %{buildroot}
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Fri Dec 01 2017 Miro Hrončok <mhroncok@redhat.com> - 3.5.4-3
|
||||
- Fix for CVE-2017-1000158
|
||||
- rhbz#1519606: https://bugzilla.redhat.com/show_bug.cgi?id=1519604
|
||||
|
||||
* Mon Oct 09 2017 Charalampos Stratakis <cstratak@redhat.com> - 3.5.4-2
|
||||
- Fix memory corruption due to allocator mix
|
||||
Resolves: rhbz#1498207
|
||||
|
Loading…
Reference in New Issue
Block a user