Fixed buffer overflow (upstream patch)

Resolves: rhbz#1062374
This commit is contained in:
Tomas Radej 2014-02-10 14:42:12 +01:00
parent 0d234b4d44
commit b9079fb0c1
2 changed files with 54 additions and 1 deletions

View File

@ -0,0 +1,42 @@
# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1389672775 18000
# Node ID 7f176a45211ff3cb85a2fbdc75f7979d642bb563
# Parent ed1c27b68068c942c6e845bdf8e987e963d50920# Parent 9c56217e5c793685eeaf0ee224848c402bdf1e4c
merge 3.2 (#20246)
diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
@@ -4538,6 +4538,14 @@ class BufferIOTest(SocketConnectedTest):
_testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ def testRecvFromIntoSmallBuffer(self):
+ # See issue #20246.
+ buf = bytearray(8)
+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+ def _testRecvFromIntoSmallBuffer(self):
+ self.serv_conn.send(MSG*2048)
+
TIPC_STYPE = 2000
TIPC_LOWER = 200
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s
if (recvlen == 0) {
/* If nbytes was not specified, use the buffer's length */
recvlen = buflen;
+ } else if (recvlen > buflen) {
+ PyBuffer_Release(&pbuf);
+ PyErr_SetString(PyExc_ValueError,
+ "nbytes is greater than the length of the buffer");
+ return NULL;
}
readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);

View File

@ -126,7 +126,7 @@
Summary: Version 3 of the Python programming language aka Python 3000 Summary: Version 3 of the Python programming language aka Python 3000
Name: python3 Name: python3
Version: %{pybasever}.2 Version: %{pybasever}.2
Release: 8%{?dist} Release: 9%{?dist}
License: Python License: Python
Group: Development/Languages Group: Development/Languages
@ -629,6 +629,12 @@ Patch186: 00186-dont-raise-from-py_compile.patch
# See http://bugs.python.org/issue17997#msg194950 for more. # See http://bugs.python.org/issue17997#msg194950 for more.
Patch187: 00187-change-match_hostname-to-follow-RFC-6125.patch Patch187: 00187-change-match_hostname-to-follow-RFC-6125.patch
# 00192 #
#
# Fixing buffer overflow (upstream patch)
# rhbz#1062375
Patch192: 00192-buffer-overflow.patch
# (New patches go here ^^^) # (New patches go here ^^^)
# #
@ -891,6 +897,7 @@ done
%patch185 -p1 %patch185 -p1
%patch186 -p1 %patch186 -p1
%patch187 -p1 %patch187 -p1
%patch192 -p1
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
# are many differences between 2.6 and the Python 3 library. # are many differences between 2.6 and the Python 3 library.
@ -1739,6 +1746,10 @@ rm -fr %{buildroot}
# ====================================================== # ======================================================
%changelog %changelog
* Mon Feb 10 2014 Tomas Radej <tradej@redhat.com> - 3.3.2-9
- Fixed buffer overflow (upstream patch)
Resolves: rhbz#1062374
* Thu Nov 07 2013 Matej Stuchlik <mstuchli@redhat.com> - 3.3.2-8 * Thu Nov 07 2013 Matej Stuchlik <mstuchli@redhat.com> - 3.3.2-8
- Changed behavior of ssl.match_hostname() to follow RFC 6125 (rhbz#1023742) - Changed behavior of ssl.match_hostname() to follow RFC 6125 (rhbz#1023742)