Fix possible integer overflow and heap corruption in zipimport module
This commit is contained in:
		
							parent
							
								
									d2c2647ea9
								
							
						
					
					
						commit
						5279a7c9ec
					
				
							
								
								
									
										16
									
								
								00209-prevent-buffer-overflow-in-zipimport-module.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										16
									
								
								00209-prevent-buffer-overflow-in-zipimport-module.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,16 @@ | |||||||
|  | diff --git a/Modules/zipimport.c b/Modules/zipimport.c
 | ||||||
|  | index 06abb31..914bf5d 100644
 | ||||||
|  | --- a/Modules/zipimport.c
 | ||||||
|  | +++ b/Modules/zipimport.c
 | ||||||
|  | @@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *toc_entry)
 | ||||||
|  |      } | ||||||
|  |      file_offset += l;           /* Start of file data */ | ||||||
|  |   | ||||||
|  | +    if (data_size > LONG_MAX - 1) {
 | ||||||
|  | +        fclose(fp);
 | ||||||
|  | +        PyErr_NoMemory();
 | ||||||
|  | +        return NULL;
 | ||||||
|  | +    }
 | ||||||
|  |      bytes_size = compress == 0 ? data_size : data_size + 1; | ||||||
|  |      if (bytes_size == 0) | ||||||
|  |          bytes_size++; | ||||||
							
								
								
									
										12
									
								
								python3.spec
									
									
									
									
									
								
							
							
						
						
									
										12
									
								
								python3.spec
									
									
									
									
									
								
							| @ -112,7 +112,7 @@ | |||||||
| Summary: Version 3 of the Python programming language aka Python 3000 | Summary: Version 3 of the Python programming language aka Python 3000 | ||||||
| Name: python3 | Name: python3 | ||||||
| Version: %{pybasever}.1 | Version: %{pybasever}.1 | ||||||
| Release: 7%{?dist} | Release: 8%{?dist} | ||||||
| License: Python | License: Python | ||||||
| Group: Development/Languages | Group: Development/Languages | ||||||
| 
 | 
 | ||||||
| @ -424,6 +424,12 @@ Patch207: 00207-math-once.patch | |||||||
| # rhbz#1292467 | # rhbz#1292467 | ||||||
| Patch208: 00208-disable-test_with_pip-on-ppc.patch | Patch208: 00208-disable-test_with_pip-on-ppc.patch | ||||||
| 
 | 
 | ||||||
|  | # https://bugs.python.org/issue26171 | ||||||
|  | # https://hg.python.org/cpython/rev/10dad6da1b28/ | ||||||
|  | # Fix possible integer overflow and heap corruption in zipimporter.get_data() | ||||||
|  | # FIXED UPSTREAM | ||||||
|  | Patch209: 00209-prevent-buffer-overflow-in-zipimport-module.patch | ||||||
|  | 
 | ||||||
| # add correct arch for ppc64/ppc64le | # add correct arch for ppc64/ppc64le | ||||||
| # it should be ppc64le-linux-gnu/ppc64-linux-gnu instead powerpc64le-linux-gnu/powerpc64-linux-gnu | # it should be ppc64le-linux-gnu/ppc64-linux-gnu instead powerpc64le-linux-gnu/powerpc64-linux-gnu | ||||||
| Patch5001: python3-powerppc-arch.patch | Patch5001: python3-powerppc-arch.patch | ||||||
| @ -651,6 +657,7 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en | |||||||
| %patch206 -p1 | %patch206 -p1 | ||||||
| %patch207 -p1 | %patch207 -p1 | ||||||
| %patch208 -p1 | %patch208 -p1 | ||||||
|  | %patch209 -p1 | ||||||
| 
 | 
 | ||||||
| # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there | # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there | ||||||
| # are many differences between 2.6 and the Python 3 library. | # are many differences between 2.6 and the Python 3 library. | ||||||
| @ -1552,6 +1559,9 @@ rm -fr %{buildroot} | |||||||
| # ====================================================== | # ====================================================== | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Mon Jun 13 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.5.1-8 | ||||||
|  | - Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() | ||||||
|  | 
 | ||||||
| * Fri Mar 04 2016 Miro Hrončok <mhroncok@redhat.com> - 3.5.1-7 | * Fri Mar 04 2016 Miro Hrončok <mhroncok@redhat.com> - 3.5.1-7 | ||||||
| - Move distutils to system-python-libs | - Move distutils to system-python-libs | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user