diff --git a/00192-buffer-overflow.patch b/00192-buffer-overflow.patch new file mode 100644 index 0000000..164b462 --- /dev/null +++ b/00192-buffer-overflow.patch @@ -0,0 +1,43 @@ + +# HG changeset patch +# User Benjamin Peterson +# Date 1389671978 18000 +# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9 +# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8 +complain when nbytes > buflen to fix possible buffer overflow (closes #20246) + +diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py +--- a/Lib/test/test_socket.py ++++ b/Lib/test/test_socket.py +@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest): + + _testRecvFromIntoMemoryview = _testRecvFromIntoArray + ++ def testRecvFromIntoSmallBuffer(self): ++ # See issue #20246. ++ buf = bytearray(8) ++ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024) ++ ++ def _testRecvFromIntoSmallBuffer(self): ++ with test_support.check_py3k_warnings(): ++ buf = buffer(MSG*2048) ++ self.serv_conn.send(buf) ++ + + TIPC_STYPE = 2000 + TIPC_LOWER = 200 +diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c +--- a/Modules/socketmodule.c ++++ b/Modules/socketmodule.c +@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s + if (recvlen == 0) { + /* If nbytes was not specified, use the buffer's length */ + recvlen = buflen; ++ } else if (recvlen > buflen) { ++ PyErr_SetString(PyExc_ValueError, ++ "nbytes is greater than the length of the buffer"); ++ goto error; + } + + readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr); + diff --git a/python.spec b/python.spec index 670b968..989a5c3 100644 --- a/python.spec +++ b/python.spec @@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{python} # Remember to also rebase python-docs when changing this: Version: 2.7.6 -Release: 2%{?dist} +Release: 3%{?dist} License: Python Group: Development/Languages Requires: %{python}-libs%{?_isa} = %{version}-%{release} @@ -853,6 +853,13 @@ Patch190: 00190-get_python_version.patch # Disabling NOOP test as it fails without internet connection Patch191: 00191-disable-NOOP.patch +# 00192 # +# +# Fixing buffer overflow (upstream patch) +# rhbz#1062375 +Patch192: 00192-buffer-overflow.patch + + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora 17 onwards, @@ -1203,6 +1210,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c %patch189 -p1 %patch190 -p1 %patch191 -p1 +%patch192 -p1 # This shouldn't be necesarry, but is right now (2.2a3) @@ -2037,6 +2045,10 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Mon Feb 10 2014 Tomas Radej - 2.7.6-3 +- Fixed buffer overflow (upstream patch) +Resolves: rhbz#1062375 + * Tue Feb 04 2014 Bohuslav Kabrda - 2.7.6-2 - Install macros in _rpmconfigdir.