File CVE-2014-1912-recvfrom_into.patch of Package python.6852

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2014-1912-recvfrom_into.patch of Package python.6852

# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1389671978 18000
# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
# Parent  2631d33ee7fbd5f0288931ef37872218d511d2e8
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)

Index: Python-2.6.9/Lib/test/test_socket.py
===================================================================
--- Python-2.6.9.orig/Lib/test/test_socket.py	2013-10-29 16:04:38.000000000 +0100
+++ Python-2.6.9/Lib/test/test_socket.py	2014-03-28 12:50:04.633854036 +0100
@@ -1239,6 +1239,16 @@
             buf = buffer(MSG)
         self.serv_conn.send(buf)
 
+    def testRecvFromIntoSmallBuffer(self):
+        # See issue #20246.
+        buf = array.array('c', ' '*8)
+        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+    def _testRecvFromIntoSmallBuffer(self):
+        with test_support._check_py3k_warnings():
+            buf = buffer(MSG)
+        self.serv_conn.send(buf)
+
 
 TIPC_STYPE = 2000
 TIPC_LOWER = 200
@@ -1317,7 +1327,6 @@
         self.cli.send(MSG)
         self.cli.close()
 
-
 def test_main():
     tests = [GeneralModuleTests, BasicTCPTest, TCPCloserTest, TCPTimeoutTest,
              TestExceptions, BufferIOTest, BasicTCPTest2]
Index: Python-2.6.9/Misc/ACKS
===================================================================
--- Python-2.6.9.orig/Misc/ACKS	2014-03-28 12:12:40.454013420 +0100
+++ Python-2.6.9/Misc/ACKS	2014-03-28 12:13:26.478245491 +0100
@@ -678,6 +678,7 @@
 Eric V. Smith
 Christopher Smith
 Gregory P. Smith
+Ryan Smith-Roberts
 Rafal Smotrzyk
 Dirk Soede
 Paul Sokolovsky
Index: Python-2.6.9/Modules/socketmodule.c
===================================================================
--- Python-2.6.9.orig/Modules/socketmodule.c	2013-10-29 16:04:39.000000000 +0100
+++ Python-2.6.9/Modules/socketmodule.c	2014-03-28 12:33:15.527473949 +0100
@@ -2625,6 +2625,10 @@
     if (recvlen == 0) {
         /* If nbytes was not specified, use the buffer's length */
         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        return NULL;
     }
 
     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);

Places

File CVE-2014-1912-recvfrom_into.patch of Package python.6852

Places