Blame 00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch
|
 |
a8ffdf3 |
From 531dfa4bcfe55d5cd1524425944b07c5b02bddf9 Mon Sep 17 00:00:00 2001
|
|
|
a8ffdf3 |
From: Charalampos Stratakis <cstratak@redhat.com>
|
|
|
a8ffdf3 |
Date: Fri, 8 Jul 2016 17:16:41 +0200
|
|
|
a8ffdf3 |
Subject: [PATCH] CVE-2016-5636 fix
|
|
|
a8ffdf3 |
|
|
|
a8ffdf3 |
---
|
|
|
a8ffdf3 |
Modules/zipimport.c | 9 +++++++++
|
|
|
a8ffdf3 |
1 file changed, 9 insertions(+)
|
|
|
a8ffdf3 |
|
|
|
a8ffdf3 |
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
|
|
|
a8ffdf3 |
index 06abb31..4d0d1de 100644
|
|
|
a8ffdf3 |
--- a/Modules/zipimport.c
|
|
|
a8ffdf3 |
+++ b/Modules/zipimport.c
|
|
|
a8ffdf3 |
@@ -1076,6 +1076,10 @@ get_data(PyObject *archive, PyObject *toc_entry)
|
|
|
a8ffdf3 |
&date, &crc)) {
|
|
|
a8ffdf3 |
return NULL;
|
|
|
a8ffdf3 |
}
|
|
|
a8ffdf3 |
+ if (data_size < 0) {
|
|
|
a8ffdf3 |
+ PyErr_Format(ZipImportError, "negative data size");
|
|
|
a8ffdf3 |
+ return NULL;
|
|
|
a8ffdf3 |
+ }
|
|
|
a8ffdf3 |
|
|
|
a8ffdf3 |
fp = _Py_fopen_obj(archive, "rb");
|
|
|
a8ffdf3 |
if (!fp)
|
|
|
a8ffdf3 |
@@ -1112,6 +1116,11 @@ get_data(PyObject *archive, PyObject *toc_entry)
|
|
|
a8ffdf3 |
}
|
|
|
a8ffdf3 |
file_offset += l; /* Start of file data */
|
|
|
a8ffdf3 |
|
|
|
a8ffdf3 |
+ if (data_size > LONG_MAX - 1) {
|
|
|
a8ffdf3 |
+ fclose(fp);
|
|
|
a8ffdf3 |
+ PyErr_NoMemory();
|
|
|
a8ffdf3 |
+ return NULL;
|
|
|
a8ffdf3 |
+ }
|
|
|
a8ffdf3 |
bytes_size = compress == 0 ? data_size : data_size + 1;
|
|
|
a8ffdf3 |
if (bytes_size == 0)
|
|
|
a8ffdf3 |
bytes_size++;
|
|
|
a8ffdf3 |
--
|
|
|
a8ffdf3 |
2.7.4
|
|
|
a8ffdf3 |
|