1 files changed, 49 insertions, 0 deletions

diff --git a/lang/python33/files/patch-CVE-2014-1912 b/lang/python33/files/patch-CVE-2014-1912
new file mode 100644
index 000000000000..027d52350e0d
--- /dev/null
+++ b/lang/python33/files/patch-CVE-2014-1912
@@ -0,0 +1,49 @@
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1389672775 18000
+# Node ID 7f176a45211ff3cb85a2fbdc75f7979d642bb563
+# Parent  ed1c27b68068c942c6e845bdf8e987e963d50920# Parent  9c56217e5c793685eeaf0ee224848c402bdf1e4c
+merge 3.2 (#20246)
+
+# HG changeset patch
+# User Stefan Krah <skrah@bytereef.org>
+# Date 1390341520 -3600
+# Node ID 5c4f4db8107cc7b99e0a4e9c7b760c816dafa034
+# Parent  2fe0b2dcc98cd9013642fb9642365de80ff0dc30
+Issue #20246: Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts.
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- Lib/test/test_socket.py
++++ Lib/test/test_socket.py
+@@ -4538,6 +4538,14 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
++    def testRecvFromIntoSmallBuffer(self):
++        # See issue #20246.
++        buf = bytearray(8)
++        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++    def _testRecvFromIntoSmallBuffer(self):
++        self.serv_conn.send(MSG)
++
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- Modules/socketmodule.c
++++ Modules/socketmodule.c
+@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
++    } else if (recvlen > buflen) {
++        PyBuffer_Release(&pbuf);
++        PyErr_SetString(PyExc_ValueError,
++                        "nbytes is greater than the length of the buffer");
++        return NULL;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
+