Gentoo's Bugzilla – Attachment 381668 Details for Bug 500518
<dev-lang/python-{2.7.7,3.2.5-r6,3.3.4} : "sock_recvfrom_into()" Buffer Overflow Vulnerability (CVE-2014-1912)
CVE-2014-1912-recvfrom_into.patch
CVE-2014-1912-recvfrom_into.patch (text/plain), 1.99 KB, created by Andrey Ovcharov on 2014-07-27 19:04:35 UTC
> ># HG changeset patch ># User Benjamin Peterson <benjamin@python.org> ># Date 1389671978 18000 ># Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9 ># Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8 >complain when nbytes > buflen to fix possible buffer overflow (closes #20246) > >Index: Python-2.7.6/Lib/test/test_socket.py >=================================================================== >--- Python-2.7.6.orig/Lib/test/test_socket.py 2013-11-10 08:36:40.000000000 +0100 >+++ Python-2.7.6/Lib/test/test_socket.py 2014-02-13 18:04:12.710244327 +0100 >@@ -1616,6 +1616,16 @@ > > _testRecvFromIntoMemoryview = _testRecvFromIntoArray > >+ def testRecvFromIntoSmallBuffer(self): >+ # See issue #20246. >+ buf = bytearray(8) >+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024) >+ >+ def _testRecvFromIntoSmallBuffer(self): >+ with test_support.check_py3k_warnings(): >+ buf = buffer(MSG) >+ self.serv_conn.send(buf) >+ > > TIPC_STYPE = 2000 > TIPC_LOWER = 200 >Index: Python-2.7.6/Misc/ACKS >=================================================================== >--- Python-2.7.6.orig/Misc/ACKS 2013-11-10 08:36:41.000000000 +0100 >+++ Python-2.7.6/Misc/ACKS 2014-02-13 18:04:12.710244327 +0100 >@@ -973,6 +973,7 @@ > Christopher Smith > Gregory P. Smith > Roy Smith >+Ryan Smith-Roberts > Rafal Smotrzyk > Dirk Soede > Paul Sokolovsky >Index: Python-2.7.6/Modules/socketmodule.c >=================================================================== >--- Python-2.7.6.orig/Modules/socketmodule.c 2013-11-10 08:36:41.000000000 +0100 >+++ Python-2.7.6/Modules/socketmodule.c 2014-02-13 18:04:12.711244332 +0100 >@@ -2742,6 +2742,10 @@ > if (recvlen == 0) { > /* If nbytes was not specified, use the buffer's length */ > recvlen = buflen; >+ } else if (recvlen > buflen) { >+ PyErr_SetString(PyExc_ValueError, >+ "nbytes is greater than the length of the buffer"); >+ goto error; > } > > readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
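Review bot: In the Lib/test/test_socket.py hunk, testRecvFromIntoSmallBuffer only exercises nbytes=1024 against an 8-byte bytearray, which is far from the boundary the new check enforces. Adding one case with nbytes equal to len(buf) + 1 (expect ValueError) and one with nbytes equal to len(buf) (expect success) would catch an off-by-one if the comparison were ever changed from `>` to `>=`.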
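Review bot: In the Modules/socketmodule.c hunk, the new `else if (recvlen > buflen)` branch rejects only values above the buffer length, and the only other test visible in the context is `recvlen == 0`, so a negative nbytes would pass both and reach `sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr)`. Please confirm that a `recvlen < 0` check exists above this hunk, or add one next to the new branch. Since `goto error` is a new exit path taken while `buf` is in use, it is also worth confirming that the `error` label releases the buffer; a one-line comment above the check pointing at issue #20246 would help future readers.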