diff options
| author | Soumya Sambu <soumya.sambu@windriver.com> | 2025-01-10 13:17:57 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2025-01-22 19:20:15 -0500 |
| commit | 46701493ac4201c76aad1aeaf28e9b35851398ec (patch) | |
| tree | 7d5cb5fc2f251532dcf64dc492e83a74963ecf7e /meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch | |
| parent | 91d60c9b0aafc368acdc034cc5f86fdf7d0a3343 (diff) | |
| download | meta-openembedded-46701493ac4201c76aad1aeaf28e9b35851398ec.tar.gz | |
python3-django: Fix CVE-2024-41989
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The
floatformat template filter is subject to significant memory consumption when
given a string representation of a number in scientific notation with a large
exponent.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41989
Upstream-patches:
https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124
https://github.com/django/django/commit/4b066bde692078b194709d517b27e55defae787c
https://github.com/django/django/commit/dcd974698301a38081c141ccba6dcafa5ed2c80e
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch new file mode 100644 index 0000000000..1cd99df8b2 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2024-41989-0004.patch | |||
| @@ -0,0 +1,81 @@ | |||
| 1 | From fc76660f589ac07e45e9cd34ccb8087aeb11904b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | ||
| 3 | Date: Fri, 12 Jul 2024 11:38:34 +0200 | ||
| 4 | Subject: [PATCH] [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory | ||
| 5 | consumption in floatformat. | ||
| 6 | |||
| 7 | Thanks Elias Myllymäki for the report. | ||
| 8 | |||
| 9 | Co-authored-by: Shai Berger <shai@platonix.com> | ||
| 10 | |||
| 11 | CVE: CVE-2024-41989 | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b] | ||
| 14 | |||
| 15 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
| 16 | --- | ||
| 17 | django/template/defaultfilters.py | 13 +++++++++++++ | ||
| 18 | .../filter_tests/test_floatformat.py | 17 +++++++++++++++++ | ||
| 19 | 2 files changed, 30 insertions(+) | ||
| 20 | |||
| 21 | diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py | ||
| 22 | index a1d77f5..4884852 100644 | ||
| 23 | --- a/django/template/defaultfilters.py | ||
| 24 | +++ b/django/template/defaultfilters.py | ||
| 25 | @@ -135,6 +135,19 @@ def floatformat(text, arg=-1): | ||
| 26 | except ValueError: | ||
| 27 | return input_val | ||
| 28 | |||
| 29 | + _, digits, exponent = d.as_tuple() | ||
| 30 | + try: | ||
| 31 | + number_of_digits_and_exponent_sum = len(digits) + abs(exponent) | ||
| 32 | + except TypeError: | ||
| 33 | + # Exponent values can be "F", "n", "N". | ||
| 34 | + number_of_digits_and_exponent_sum = 0 | ||
| 35 | + | ||
| 36 | + # Values with more than 200 digits, or with a large exponent, are returned "as is" | ||
| 37 | + # to avoid high memory consumption and potential denial-of-service attacks. | ||
| 38 | + # The cut-off of 200 is consistent with django.utils.numberformat.floatformat(). | ||
| 39 | + if number_of_digits_and_exponent_sum > 200: | ||
| 40 | + return input_val | ||
| 41 | + | ||
| 42 | try: | ||
| 43 | m = int(d) - d | ||
| 44 | except (ValueError, OverflowError, InvalidOperation): | ||
| 45 | diff --git a/tests/template_tests/filter_tests/test_floatformat.py b/tests/template_tests/filter_tests/test_floatformat.py | ||
| 46 | index cfc3eaf..bd0a998 100644 | ||
| 47 | --- a/tests/template_tests/filter_tests/test_floatformat.py | ||
| 48 | +++ b/tests/template_tests/filter_tests/test_floatformat.py | ||
| 49 | @@ -55,6 +55,7 @@ class FunctionTests(SimpleTestCase): | ||
| 50 | self.assertEqual(floatformat(1.5e-15, 20), '0.00000000000000150000') | ||
| 51 | self.assertEqual(floatformat(1.5e-15, -20), '0.00000000000000150000') | ||
| 52 | self.assertEqual(floatformat(1.00000000000000015, 16), '1.0000000000000002') | ||
| 53 | + self.assertEqual(floatformat("1e199"), "1" + "0" * 199) | ||
| 54 | |||
| 55 | def test_zero_values(self): | ||
| 56 | self.assertEqual(floatformat(0, 6), '0.000000') | ||
| 57 | @@ -68,6 +69,22 @@ class FunctionTests(SimpleTestCase): | ||
| 58 | self.assertEqual(floatformat(pos_inf), 'inf') | ||
| 59 | self.assertEqual(floatformat(neg_inf), '-inf') | ||
| 60 | self.assertEqual(floatformat(pos_inf / pos_inf), 'nan') | ||
| 61 | + self.assertEqual(floatformat("inf"), "inf") | ||
| 62 | + self.assertEqual(floatformat("NaN"), "NaN") | ||
| 63 | + | ||
| 64 | + def test_too_many_digits_to_render(self): | ||
| 65 | + cases = [ | ||
| 66 | + "1e200", | ||
| 67 | + "1E200", | ||
| 68 | + "1E10000000000000000", | ||
| 69 | + "-1E10000000000000000", | ||
| 70 | + "1e10000000000000000", | ||
| 71 | + "-1e10000000000000000", | ||
| 72 | + "1" + "0" * 1_000_000, | ||
| 73 | + ] | ||
| 74 | + for value in cases: | ||
| 75 | + with self.subTest(value=value): | ||
| 76 | + self.assertEqual(floatformat(value), value) | ||
| 77 | |||
| 78 | def test_float_dunder_method(self): | ||
| 79 | class FloatWrapper: | ||
| 80 | -- | ||
| 81 | 2.40.0 | ||