#19 Fix for CVE-2017-1000158 (#1519604)
Closed 2 years ago by churchyard. Opened 2 years ago by churchyard.
rpms/ churchyard/python3 f25-cve-2017-1000158  into  f25

@@ -0,0 +1,25 @@ 

+ From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001

+ From: Jay Bosamiya <jaybosamiya@gmail.com>

+ Date: Sun, 18 Jun 2017 22:11:03 +0530

+ Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in

+  PyString_DecodeEscape (#2174)

+ 

+ diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c

+ index 77dd45e..9b29dc3 100644

+ --- a/Objects/bytesobject.c

+ +++ b/Objects/bytesobject.c

+ @@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,

+      char *p, *buf;

+      const char *end;

+      PyObject *v;

+ -    Py_ssize_t newlen = recode_encoding ? 4*len:len;

+ +    Py_ssize_t newlen;

+ +    /* Check for integer overflow */

+ +    if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {

+ +        PyErr_SetString(PyExc_OverflowError, "string is too large");

+ +        return NULL;

+ +    }

+ +    newlen = recode_encoding ? 4*len:len;

+      v = PyBytes_FromStringAndSize((char *)NULL, newlen);

+      if (v == NULL)

+          return NULL;

file modified
+12 -1

@@ -112,7 +112,7 @@ 

  Summary: Version 3 of the Python programming language aka Python 3000

  Name: python3

  Version: %{pybasever}.4

- Release: 2%{?dist}

+ Release: 3%{?dist}

  License: Python

  Group: Development/Languages

  

@@ -394,6 +394,12 @@ 

  # Fixed upstream: https://bugs.python.org/issue31532

  Patch279: 00279-fix-memory-corruption-due-to-allocator-mix.patch

  

+ # 00286 #

+ # CVE-2017-1000158

+ # Check & prevent integer overflow in PyString_DecodeEscape

+ # Fixed upstream for Python 2 only: https://bugs.python.org/issue30657

+ Patch286: 00286-pystring-decodeescape-integer-overflow.patch

+ 

  # (New patches go here ^^^)

  #

  # When adding new patches to "python" and "python3" in Fedora, EL, etc.,

@@ -635,6 +641,7 @@ 

  %patch206 -p1

  %patch243 -p1

  %patch279 -p1

+ %patch286 -p1

  

  # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there

  # are many differences between 2.6 and the Python 3 library.

@@ -1538,6 +1545,10 @@ 

  # ======================================================

  

  %changelog

+ * Fri Dec 01 2017 Miro Hrončok <mhroncok@redhat.com> - 3.5.4-3

+ - Fix for CVE-2017-1000158

+ - rhbz#1519606: https://bugzilla.redhat.com/show_bug.cgi?id=1519604

+ 

  * Mon Oct 09 2017 Charalampos Stratakis <cstratak@redhat.com> - 3.5.4-2

  - Fix memory corruption due to allocator mix

  Resolves: rhbz#1498207

This applies well. However I don't know if it even builds. Opening this early, because I'll go offline, so I like to share what I have.

Koji scratch build in progress: https://koji.fedoraproject.org/koji/taskinfo?taskID=23483171

rebased onto 6827170

2 years ago

Arm failed (possibly unrelated issue). Trying again to exclude some random factors https://koji.fedoraproject.org/koji/taskinfo?taskID=23484530

Scratch build succeeded.

Pull-Request has been closed by churchyard

2 years ago