Blob Blame Raw
From ae99040f6c1f329d6b6c984f39c920f09d383925 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Mon, 11 Jul 2016 11:21:29 +0200
Subject: [PATCH] CVE-2016-5636 fix

---
 Modules/zipimport.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Modules/zipimport.c b/Modules/zipimport.c
index 8fe9195..f72e89f 100644
--- a/Modules/zipimport.c
+++ b/Modules/zipimport.c
@@ -1071,6 +1071,10 @@ get_data(PyObject *archive, PyObject *toc_entry)
                           &date, &crc)) {
         return NULL;
     }
+    if (data_size < 0) {
+        PyErr_Format(ZipImportError, "negative data size");
+        return NULL;
+    }
 
     fp = _Py_fopen_obj(archive, "rb");
     if (!fp) {
@@ -1111,6 +1115,11 @@ get_data(PyObject *archive, PyObject *toc_entry)
     }
     file_offset += l;           /* Start of file data */
 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
     bytes_size = compress == 0 ? data_size : data_size + 1;
     if (bytes_size == 0)
         bytes_size++;
-- 
2.7.4