From c70027929c625a6c7a644180cb76d4bdfcf68a9c Mon Sep 17 00:00:00 2001
From: Martin Wilke <miwi@FreeBSD.org>
Date: Sat, 18 Feb 2012 17:53:53 +0000
Subject: - Mark Python as Secure - Fix DoS via malformed XML-RPC / HTTP POST

Submitted by:	rm@
Reported by:	many
Obtained from:	python hg
Security:	http://www.vuxml.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html
---
 lang/python25/files/patch-CVE-2012-0845 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 lang/python25/files/patch-CVE-2012-0845

(limited to 'lang/python25/files')

diff --git a/lang/python25/files/patch-CVE-2012-0845 b/lang/python25/files/patch-CVE-2012-0845
new file mode 100644
index 000000000000..a205a7de0ea5
--- /dev/null
+++ b/lang/python25/files/patch-CVE-2012-0845
@@ -0,0 +1,14 @@
+--- Lib/SimpleXMLRPCServer.py.orig	2011-06-11 19:46:23.000000000 +0400
++++ Lib/SimpleXMLRPCServer.py	2012-02-15 12:50:23.000000000 +0400
+@@ -486,7 +486,10 @@
+             L = []
+             while size_remaining:
+                 chunk_size = min(size_remaining, max_chunk_size)
+-                L.append(self.rfile.read(chunk_size))
++                chunk = self.rfile.read(chunk_size)
++                if not chunk:
++                    break
++                L.append(chunk)
+                 size_remaining -= len(L[-1])
+             data = ''.join(L)
+ 
-- 
cgit v1.2.3