diff options
Diffstat (limited to 'meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch')
| -rw-r--r-- | meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch b/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch new file mode 100644 index 0000000000..e9a6cca017 --- /dev/null +++ b/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | |||
| 2 | python: fix _json module arbitrary process memory read vulnerability | ||
| 3 | |||
| 4 | Upstream-Status: submitted | ||
| 5 | |||
| 6 | Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com> | ||
| 7 | |||
| 8 | --- a/Modules/_json.c 2014-07-15 15:37:17.151046356 +0200 | ||
| 9 | +++ b/Modules/_json.c 2014-07-15 15:38:37.335605042 +0200 | ||
| 10 | @@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje | ||
| 11 | PyObject *res; | ||
| 12 | char *str = PyString_AS_STRING(pystr); | ||
| 13 | Py_ssize_t length = PyString_GET_SIZE(pystr); | ||
| 14 | - if (idx >= length) { | ||
| 15 | + if ( idx < 0 || idx >= length) { | ||
| 16 | PyErr_SetNone(PyExc_StopIteration); | ||
| 17 | return NULL; | ||
| 18 | } | ||
| 19 | @@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py | ||
| 20 | PyObject *res; | ||
| 21 | Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr); | ||
| 22 | Py_ssize_t length = PyUnicode_GET_SIZE(pystr); | ||
| 23 | - if (idx >= length) { | ||
| 24 | + if ( idx < 0 || idx >= length) { | ||
| 25 | PyErr_SetNone(PyExc_StopIteration); | ||
| 26 | return NULL; | ||
| 27 | } | ||