- Mark Python as Secure

- Fix DoS via malformed XML-RPC / HTTP POST Submitted by: rm@ Reported by: many Obtained from: python hg Security: http://www.vuxml.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html
author: Martin Wilke <miwi@FreeBSD.org> 2012-02-18 17:53:53 +0000
committer: Martin Wilke <miwi@FreeBSD.org> 2012-02-18 17:53:53 +0000
commit: c70027929c625a6c7a644180cb76d4bdfcf68a9c (patch)
tree: f1b6b8247bd5625e6389d008814bb35ab4ac68e1 /lang/python25/files
parent: A RESTful web framework with strong compile-time guarantees of correctness. (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/lang/python25/files/patch-CVE-2012-0845 b/lang/python25/files/patch-CVE-2012-0845
new file mode 100644
index 000000000000..a205a7de0ea5
--- /dev/null
+++ b/lang/python25/files/patch-CVE-2012-0845
@@ -0,0 +1,14 @@
+--- Lib/SimpleXMLRPCServer.py.orig	2011-06-11 19:46:23.000000000 +0400
++++ Lib/SimpleXMLRPCServer.py	2012-02-15 12:50:23.000000000 +0400
+@@ -486,7 +486,10 @@
+             L = []
+             while size_remaining:
+                 chunk_size = min(size_remaining, max_chunk_size)
+-                L.append(self.rfile.read(chunk_size))
++                chunk = self.rfile.read(chunk_size)
++                if not chunk:
++                    break
++                L.append(chunk)
+                 size_remaining -= len(L[-1])
+             data = ''.join(L)
+
author	Martin Wilke <miwi@FreeBSD.org>	2012-02-18 17:53:53 +0000
committer	Martin Wilke <miwi@FreeBSD.org>	2012-02-18 17:53:53 +0000
commit	c70027929c625a6c7a644180cb76d4bdfcf68a9c (patch)
tree	f1b6b8247bd5625e6389d008814bb35ab4ac68e1 /lang/python25/files
parent	A RESTful web framework with strong compile-time guarantees of correctness. (diff)