File CVE-2014-1912-recvfrom_into.patch of Package python-base

# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1389671978 18000
# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
# Parent  2631d33ee7fbd5f0288931ef37872218d511d2e8
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)

Index: Python-2.7.6/Lib/test/test_socket.py
===================================================================
--- Python-2.7.6.orig/Lib/test/test_socket.py	2013-11-10 08:36:40.000000000 +0100
+++ Python-2.7.6/Lib/test/test_socket.py	2014-02-13 18:04:12.710244327 +0100
@@ -1616,6 +1616,16 @@
 
     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
 
+    def testRecvFromIntoSmallBuffer(self):
+        # See issue #20246.
+        buf = bytearray(8)
+        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+    def _testRecvFromIntoSmallBuffer(self):
+        with test_support.check_py3k_warnings():
+            buf = buffer(MSG)
+        self.serv_conn.send(buf)
+
 
 TIPC_STYPE = 2000
 TIPC_LOWER = 200
Index: Python-2.7.6/Misc/ACKS
===================================================================
--- Python-2.7.6.orig/Misc/ACKS	2013-11-10 08:36:41.000000000 +0100
+++ Python-2.7.6/Misc/ACKS	2014-02-13 18:04:12.710244327 +0100
@@ -973,6 +973,7 @@
 Christopher Smith
 Gregory P. Smith
 Roy Smith
+Ryan Smith-Roberts
 Rafal Smotrzyk
 Dirk Soede
 Paul Sokolovsky
Index: Python-2.7.6/Modules/socketmodule.c
===================================================================
--- Python-2.7.6.orig/Modules/socketmodule.c	2013-11-10 08:36:41.000000000 +0100
+++ Python-2.7.6/Modules/socketmodule.c	2014-02-13 18:04:12.711244332 +0100
@@ -2742,6 +2742,10 @@
     if (recvlen == 0) {
         /* If nbytes was not specified, use the buffer's length */
         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        goto error;
     }
 
     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);