1 files changed, 62 insertions, 0 deletions
diff --git a/recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch b/recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch
new file mode 100644
index 0000000..b94ae06
--- /dev/null
+++ b/recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch
@@ -0,0 +1,62 @@
+From cab6444ff39a91084bdac08d0ae66734cea943f6 Mon Sep 17 00:00:00 2001
+From: Andreas Wellving <andreas.wellving@enea.com>
+Date: Mon, 22 Oct 2018 10:13:00 +0200
+Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in PyString_DecodeEscape (#2174)
+CVE: CVE-2017-1000158
+Upstream-Status: Backport [https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae]
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ Misc/ACKS              | 1 +
+ Misc/NEWS              | 3 +++
+ Objects/stringobject.c | 8 +++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+diff --git a/Misc/ACKS b/Misc/ACKS
+index 952d6dd..6ea6639 100644
+--- a/Misc/ACKS
+++ b/Misc/ACKS
+@@ -151,6 +151,7 @@ Gregory Bond
+ Matias Bordese
+ Jonas Borgström
+ Jurjen Bos
+Jay Bosamiya
+ Peter Bosch
+ Dan Boswell
+ Eric Bouck
+diff --git a/Misc/NEWS b/Misc/NEWS
+index b779e82..ab0b687 100644
+--- a/Misc/NEWS
+++ b/Misc/NEWS
+@@ -21,6 +21,9 @@ What's New in Python 2.7.13 release candidate 1?
+ Core and Builtins
+ -----------------
+ 
+- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape.
+  Patch by Jay Bosamiya.
+
+ - Issue #28847: dumbdbm no longer writes the index file in when it is not
+   changed and supports reading read-only files.
+ 
+diff --git a/Objects/stringobject.c b/Objects/stringobject.c
+index 4e38735..6c31c5b 100644
+--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
+@@ -612,7 +612,13 @@ PyObject *PyString_DecodeEscape(const char *s,
+     char *p, *buf;
+     const char *end;
+     PyObject *v;
+-    Py_ssize_t newlen = recode_encoding ? 4*len:len;
+    Py_ssize_t newlen;
+    /* Check for integer overflow */
+    if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
+        PyErr_SetString(PyExc_OverflowError, "string is too large");
+        return NULL;
+    }
+    newlen = recode_encoding ? 4*len:len;
+     v = PyString_FromStringAndSize((char *)NULL, newlen);
+     if (v == NULL)
+         return NULL;

diff --git a/recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch b/recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch new file mode 100644 index 0000000..b94ae06 --- /dev/null +++ b/recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch
@@ -0,0 +1,62 @@
	1	From cab6444ff39a91084bdac08d0ae66734cea943f6 Mon Sep 17 00:00:00 2001
	2	From: Andreas Wellving <andreas.wellving@enea.com>
	3	Date: Mon, 22 Oct 2018 10:13:00 +0200
	4	Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in PyString_DecodeEscape (#2174)
	5
	6	CVE: CVE-2017-1000158
	7	Upstream-Status: Backport [https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae]
	8
	9	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	10	---
	11	Misc/ACKS \| 1 +
	12	Misc/NEWS \| 3 +++
	13	Objects/stringobject.c \| 8 +++++++-
	14	3 files changed, 11 insertions(+), 1 deletion(-)
	15
	16	diff --git a/Misc/ACKS b/Misc/ACKS
	17	index 952d6dd..6ea6639 100644
	18	--- a/Misc/ACKS
	19	+++ b/Misc/ACKS
	20	@@ -151,6 +151,7 @@ Gregory Bond
	21	Matias Bordese
	22	Jonas Borgström
	23	Jurjen Bos
	24	+Jay Bosamiya
	25	Peter Bosch
	26	Dan Boswell
	27	Eric Bouck
	28	diff --git a/Misc/NEWS b/Misc/NEWS
	29	index b779e82..ab0b687 100644
	30	--- a/Misc/NEWS
	31	+++ b/Misc/NEWS
	32	@@ -21,6 +21,9 @@ What's New in Python 2.7.13 release candidate 1?
	33	Core and Builtins
	34	-----------------
	35
	36	+- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape.
	37	+ Patch by Jay Bosamiya.
	38	+
	39	- Issue #28847: dumbdbm no longer writes the index file in when it is not
	40	changed and supports reading read-only files.
	41
	42	diff --git a/Objects/stringobject.c b/Objects/stringobject.c
	43	index 4e38735..6c31c5b 100644
	44	--- a/Objects/stringobject.c
	45	+++ b/Objects/stringobject.c
	46	@@ -612,7 +612,13 @@ PyObject PyString_DecodeEscape(const char s,
	47	char p, buf;
	48	const char *end;
	49	PyObject *v;
	50	- Py_ssize_t newlen = recode_encoding ? 4*len:len;
	51	+ Py_ssize_t newlen;
	52	+ /* Check for integer overflow */
	53	+ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
	54	+ PyErr_SetString(PyExc_OverflowError, "string is too large");
	55	+ return NULL;
	56	+ }
	57	+ newlen = recode_encoding ? 4*len:len;
	58	v = PyString_FromStringAndSize((char *)NULL, newlen);
	59	if (v == NULL)
	60	return NULL;
	61
	62