diff options
Diffstat (limited to 'lang/python31/files/patch-CVE-2014-1912')
| -rw-r--r-- | lang/python31/files/patch-CVE-2014-1912 | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/lang/python31/files/patch-CVE-2014-1912 b/lang/python31/files/patch-CVE-2014-1912 new file mode 100644 index 000000000000..fe786ab766fc --- /dev/null +++ b/lang/python31/files/patch-CVE-2014-1912 @@ -0,0 +1,50 @@ +# HG changeset patch +# User Benjamin Peterson <benjamin@python.org> +# Date 1389672374 18000 +# Node ID 715fd3d8ac93878e49a072474a4706a449720d9b +# Parent b1ddcb220a7f375146c090a854438cf31fa3a388# Parent 87673659d8f7ba1623cd4914f09ad3d2ade034e9 +complain when nbytes > buflen to fix possible buffer overflow (closes #20246) + +# HG changeset patch +# User Stefan Krah <skrah@bytereef.org> +# Date 1390341520 -3600 +# Node ID c25e1442529f16ba5fb9df8786a019866b0686e9 +# Parent fbb4d48046e564dd89511598dbbf04422ac6da35 +Issue #20246: Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts. + +diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py +--- Lib/test/test_socket.py ++++ Lib/test/test_socket.py +@@ -1424,6 +1424,14 @@ class BufferIOTest(SocketConnectedTest): + buf = bytes(MSG) + self.serv_conn.send(buf) + ++ def testRecvFromIntoSmallBuffer(self): ++ # See issue #20246. ++ buf = bytearray(8) ++ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024) ++ ++ def _testRecvFromIntoSmallBuffer(self): ++ self.serv_conn.send(MSG) ++ + + TIPC_STYPE = 2000 + TIPC_LOWER = 200 + +diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c +--- Modules/socketmodule.c ++++ Modules/socketmodule.c +@@ -2494,6 +2494,12 @@ sock_recvfrom_into(PySocketSockObject *s + if (recvlen == 0) { + /* If nbytes was not specified, use the buffer's length */ + recvlen = buflen; ++ } else if (recvlen > buflen) { ++ PyBuffer_Release(&pbuf); ++ Py_XDECREF(addr); ++ PyErr_SetString(PyExc_ValueError, ++ "nbytes is greater than the length of the buffer"); ++ return NULL; + } + + readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr); + |