diff options
author | Maxin B. John <maxin.john@enea.com> | 2014-04-07 17:48:11 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-04-09 09:53:14 +0100 |
commit | e34ad1e27b7db3237ae0435864cced32133d7025 (patch) | |
tree | ebd140fed44797b530c929caee7060ccece2106a /meta/recipes-devtools/python | |
parent | 398a971f92bfe67ab3dad6420a4adf29ace66a55 (diff) | |
download | poky-e34ad1e27b7db3237ae0435864cced32133d7025.tar.gz |
python: Fix CVE-2014-1912
A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.
This back-ported patch fixes CVE-2014-1912
(From OE-Core rev: 344049ccfa59ae489c35fe0fb7592f7d34720b51)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python')
-rw-r--r-- | meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch | 26 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python_2.7.3.bb | 1 |
2 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch new file mode 100644 index 0000000000..02cc83d314 --- /dev/null +++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-1912.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | Reference: http://bugs.python.org/issue20246 | ||
4 | |||
5 | CVE-2014-1912: Python buffer overflow in socket.recvfrom_into() | ||
6 | lets remote users execute arbitrary code.Original patch by Benjamin Peterson | ||
7 | |||
8 | Signed-off-by: Maxin B. John <maxin.john@enea.com> | ||
9 | --- | ||
10 | diff -r 40fb60df4755 Modules/socketmodule.c | ||
11 | --- a/Modules/socketmodule.c Sun Jan 12 12:11:47 2014 +0200 | ||
12 | +++ b/Modules/socketmodule.c Mon Jan 13 16:36:35 2014 -0800 | ||
13 | @@ -2744,6 +2744,13 @@ | ||
14 | recvlen = buflen; | ||
15 | } | ||
16 | |||
17 | + /* Check if the buffer is large enough */ | ||
18 | + if (buflen < recvlen) { | ||
19 | + PyErr_SetString(PyExc_ValueError, | ||
20 | + "buffer too small for requested bytes"); | ||
21 | + goto error; | ||
22 | + } | ||
23 | + | ||
24 | readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr); | ||
25 | if (readlen < 0) { | ||
26 | /* Return an error */ | ||
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb index c7bb9b4131..0d641720f1 100644 --- a/meta/recipes-devtools/python/python_2.7.3.bb +++ b/meta/recipes-devtools/python/python_2.7.3.bb | |||
@@ -35,6 +35,7 @@ SRC_URI += "\ | |||
35 | file://parallel-makeinst-create-bindir.patch \ | 35 | file://parallel-makeinst-create-bindir.patch \ |
36 | file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \ | 36 | file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \ |
37 | file://python-fix-build-error-with-Readline-6.3.patch \ | 37 | file://python-fix-build-error-with-Readline-6.3.patch \ |
38 | file://python-2.7.3-CVE-2014-1912.patch \ | ||
38 | " | 39 | " |
39 | 40 | ||
40 | S = "${WORKDIR}/Python-${PV}" | 41 | S = "${WORKDIR}/Python-${PV}" |