Fixed buffer overflow (upstream patch)

Resolves: rhbz#1062374
2014-02-10 14:42:12 +01:00 · 2014-02-10 14:42:12 +01:00 · c8f16f3941
commit c8f16f3941
parent a39396d0b5
2 changed files with 55 additions and 1 deletions
--- a/00192-buffer-overflow.patch
+++ b/00192-buffer-overflow.patch
@ -0,0 +1,42 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1389672775 18000
+# Node ID 7f176a45211ff3cb85a2fbdc75f7979d642bb563
+# Parent  ed1c27b68068c942c6e845bdf8e987e963d50920# Parent  9c56217e5c793685eeaf0ee224848c402bdf1e4c
+merge 3.2 (#20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
+@@ -4538,6 +4538,14 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
+    def testRecvFromIntoSmallBuffer(self):
+        # See issue #20246.
+        buf = bytearray(8)
+        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+    def _testRecvFromIntoSmallBuffer(self):
+        self.serv_conn.send(MSG*2048)
+
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
+@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyBuffer_Release(&pbuf);
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        return NULL;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
+
--- a/python3.spec
+++ b/python3.spec
@ -126,7 +126,7 @@
 Summary: Version 3 of the Python programming language aka Python 3000
 Name: python3
 Version: %{pybasever}.2
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: Python
 Group: Development/Languages

@ -629,6 +629,13 @@ Patch186: 00186-dont-raise-from-py_compile.patch
 # See http://bugs.python.org/issue17997#msg194950 for more.
 Patch187: 00187-change-match_hostname-to-follow-RFC-6125.patch

+# 00192 #
+#
+# Fixing buffer overflow (upstream patch)
+# rhbz#1062375
+Patch192: 00192-buffer-overflow.patch
+
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora 17 onwards,
@ -890,6 +897,7 @@ done
 %patch185 -p1
 %patch186 -p1
 %patch187 -p1
+%patch192 -p1

 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
 # are many differences between 2.6 and the Python 3 library.
@ -1738,6 +1746,10 @@ rm -fr %{buildroot}
 # ======================================================

 %changelog
+* Mon Feb 10 2014 Tomas Radej <tradej@redhat.com> - 3.3.2-10
+- Fixed buffer overflow (upstream patch)
+Resolves: rhbz#1062374
+
 * Tue Feb 04 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 3.3.2-9
 - Install macros in _rpmconfigdir.