blob: 02cc83d31499b23dc507fb784c1574ef9bf35b22 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Upstream-Status: Backport
Reference: http://bugs.python.org/issue20246
CVE-2014-1912: Python buffer overflow in socket.recvfrom_into()
lets remote users execute arbitrary code.Original patch by Benjamin Peterson
Signed-off-by: Maxin B. John <maxin.john@enea.com>
---
diff -r 40fb60df4755 Modules/socketmodule.c
--- a/Modules/socketmodule.c Sun Jan 12 12:11:47 2014 +0200
+++ b/Modules/socketmodule.c Mon Jan 13 16:36:35 2014 -0800
@@ -2744,6 +2744,13 @@
recvlen = buflen;
}
+ /* Check if the buffer is large enough */
+ if (buflen < recvlen) {
+ PyErr_SetString(PyExc_ValueError,
+ "buffer too small for requested bytes");
+ goto error;
+ }
+
readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
if (readlen < 0) {
/* Return an error */
|