path: root/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch
python: fix _json module arbitrary process memory read vulnerability

Upstream-Status: submitted

Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>

--- a/Modules/_json.c	2014-07-15 15:37:17.151046356 +0200
+++ b/Modules/_json.c	2014-07-15 15:38:37.335605042 +0200
@@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje
     PyObject *res;
     char *str = PyString_AS_STRING(pystr);
     Py_ssize_t length = PyString_GET_SIZE(pystr);
-    if (idx >= length) {
+    if ( idx < 0 || idx >= length) {
         PyErr_SetNone(PyExc_StopIteration);
         return NULL;
     }
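Review bot: The added `idx < 0` test in scan_once_str reports a negative index as `StopIteration`, the same signal used for running past the end of the input, so a caller that passes an invalid idx cannot tell it apart from an exhausted string; the identical change in scan_once_unicode has the same effect. Consider rejecting it on its own before the existing `idx >= length` check, e.g. `if (idx < 0) { PyErr_SetString(PyExc_ValueError, "idx cannot be negative"); return NULL; }`. A short comment such as `/* idx is caller-supplied; a negative value would index before the start of str */` would record why the lower bound exists, and the extra space in `if ( idx` does not match the surrounding style. Both function bodies start and end outside their hunks, so how idx is used after the check is inferred from the commit title rather than visible here.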
@@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py
     PyObject *res;
     Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
     Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
-    if (idx >= length) {
+    if ( idx < 0 || idx >= length) {
         PyErr_SetNone(PyExc_StopIteration);
         return NULL;
     }