Diffstat (limited to 'recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch')
-rw-r--r-- | recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch | 62 |
1 files changed, 62 insertions, 0 deletions
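--- /dev/null
+++ b/recipes-devtools/python/python/CVE-2017-1000158-2.7-bpo-30657-Check-prevent-integer-overflow-in-PySt.patch
@@ -0,0 +1,62 @@
+From cab6444ff39a91084bdac08d0ae66734cea943f6 Mon Sep 17 00:00:00 2001
+From: Andreas Wellving <andreas.wellving@enea.com>
+Date: Mon, 22 Oct 2018 10:13:00 +0200
+Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in PyString_DecodeEscape (#2174)
+
+CVE: CVE-2017-1000158
+Upstream-Status: Backport [https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae]
+
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+Misc/ACKS | 1 +
+Misc/NEWS | 3 +++
+Objects/stringobject.c | 8 +++++++-
+3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/Misc/ACKS b/Misc/ACKS
+index 952d6dd..6ea6639 100644
+--- a/Misc/ACKS
++++ b/Misc/ACKS
+@@ -151,6 +151,7 @@ Gregory Bond
+Matias Bordese
+Jonas Borgström
+Jurjen Bos
++Jay Bosamiya
+Peter Bosch
+Dan Boswell
+Eric Bouck
+diff --git a/Misc/NEWS b/Misc/NEWS
+index b779e82..ab0b687 100644
+--- a/Misc/NEWS
++++ b/Misc/NEWS
+@@ -21,6 +21,9 @@ What's New in Python 2.7.13 release candidate 1?
+Core and Builtins
+-----------------
+
++- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape.
++ Patch by Jay Bosamiya.
++
+- Issue #28847: dumbdbm no longer writes the index file in when it is not
+changed and supports reading read-only files.
+
+diff --git a/Objects/stringobject.c b/Objects/stringobject.c
+index 4e38735..6c31c5b 100644
+--- a/Objects/stringobject.c
++++ b/Objects/stringobject.c
+@@ -612,7 +612,13 @@ PyObject *PyString_DecodeEscape(const char *s,
+char *p, *buf;
+const char *end;
+PyObject *v;
+- Py_ssize_t newlen = recode_encoding ? 4*len:len;
++ Py_ssize_t newlen;
++ /* Check for integer overflow */
++ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
++ PyErr_SetString(PyExc_OverflowError, "string is too large");
++ return NULL;
++ }
++ newlen = recode_encoding ? 4*len:len;
+v = PyString_FromStringAndSize((char *)NULL, newlen);
+if (v == NULL)
+return NULL;
+
+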
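Review bot: The guard added to PyString_DecodeEscape in the Objects/stringobject.c hunk is documented only by `/* Check for integer overflow */`, which does not say what overflows or why the test applies only when `recode_encoding` is set. I would replace it with something like `/* newlen is 4*len when recoding; reject len values for which that product would exceed PY_SSIZE_T_MAX */`. The check is also one-sided: a negative `len` passes `len > PY_SSIZE_T_MAX / 4` and still reaches `4*len`. Whether any caller can pass a negative length is not visible here, so either state that assumption in the comment or extend the condition with `len < 0`. The function body continues outside the hunk.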