authorTudor Florea <tudor.florea@enea.com>2015-07-06 22:42:39 (GMT)
committerTudor Florea <tudor.florea@enea.com>2015-07-06 22:42:39 (GMT)
commit34e5a4f013f8bd0158a984bf5ed5b10ca4c1a263 (patch)
treefb55d1ceeff0f05543ffda6714d9a726fc96b28b
parentd5775b10e9b8a611c52607aca97dcd6f4365603f (diff)
downloadpoky-34e5a4f013f8bd0158a984bf5ed5b10ca4c1a263.tar.gz
python: Backport CVE-2013-1752 fix from upstream
This backported patch fixes CVE-2013-1752 in httplib. References: http://bugs.python.org/issue16037 https://access.redhat.com/security/cve/CVE-2013-1752 The httplib module can read arbitrary amounts of data from its socket while parsing HTTP headers. This may lead to issues when a user connects to a broken HTTP server, or to something that is not an HTTP server at all. Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-httplib-fix.patch45
-rw-r--r--meta/recipes-devtools/python/python_2.7.3.bb1
2 files changed, 46 insertions, 0 deletions
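--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-httplib-fix.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Backport
+
+CVE-2013-1752: httplib: HTTPMessage.readheaders() raises an HTTPException
+when more than 100 headers are read.
+Patch by Jyrki Pulliainen and Daniel Eriksson.
+
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+---
+diff -r 133ee2b48e52 Lib/httplib.py
+--- a/Lib/httplib.py Fri Aug 01 23:51:51 2014 -0700
++++ b/Lib/httplib.py Sat Aug 02 13:59:25 2014 +0000
+@@ -214,6 +214,7 @@
+
+ # maximal line length when calling readline().
+ _MAXLINE = 65536
++_MAXHEADERS = 100
+
+ class HTTPMessage(mimetools.Message):
+
+@@ -271,6 +272,8 @@
+ elif self.seekable:
+ tell = self.fp.tell
+ while True:
++ if len(hlist) > _MAXHEADERS:
++ raise HTTPException("got more than %d headers" % _MAXHEADERS)
+ if tell:
+ try:
+ startofline = tell()
+diff -r 133ee2b48e52 Lib/test/test_httplib.py
+--- a/Lib/test/test_httplib.py Fri Aug 01 23:51:51 2014 -0700
++++ b/Lib/test/test_httplib.py Sat Aug 02 13:59:25 2014 +0000
+@@ -262,6 +262,13 @@
+ if resp.read() != "":
+ self.fail("Did not expect response from HEAD request")
+
++ def test_too_many_headers(self):
++ headers = '\r\n'.join('Header%d: foo' % i for i in xrange(200)) + '\r\n'
++ text = ('HTTP/1.1 200 OK\r\n' + headers)
++ s = FakeSocket(text)
++ r = httplib.HTTPResponse(s)
++ self.assertRaises(httplib.HTTPException, r.begin)
++
+ def test_send_file(self):
+ expected = 'GET /foo HTTP/1.1\r\nHost: example.com\r\n' \
+ 'Accept-Encoding: identity\r\nContent-Length:'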
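Review bot: The new guard `if len(hlist) > _MAXHEADERS:` in readheaders() bounds the number of stored header lines but carries no comment on what that bound means in bytes, and the combined figure is the security-relevant one: with `_MAXLINE = 65536` declared just above it, a hostile server can still push roughly (_MAXHEADERS + 1) * _MAXLINE bytes (about 6.3 MiB) of header data before the exception fires, so a one-line comment such as `# Cap the header block: together with _MAXLINE this bounds it to ~(_MAXHEADERS + 1) * _MAXLINE bytes` would record that. Note the `>` test runs before the next line is read, so the 101st stored line is what triggers the error, and (if I recall the 2.7 source outside this hunk correctly) folded continuation lines are appended to `hlist` too and count toward the limit. The added test sends 200 headers, which proves the error path but not the boundary; a second case with exactly `_MAXHEADERS` headers followed by the blank terminator that must parse successfully would pin the off-by-one. The patch header says only `Upstream-Status: Backport`; `Upstream-Status: Backport [http://bugs.python.org/issue16037]` (the issue the commit message cites) makes the backport traceable. `readheaders` begins and ends outside the hunk.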
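--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -39,6 +39,7 @@ SRC_URI += "\
  file://json-flaw-CVE-2014-4616.patch \
  file://python2.7.3-nossl3.patch \
  file://python-2.7.3-CVE-2014-7185.patch \
+ file://python-2.7.3-CVE-2013-1752-httplib-fix.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"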