Gentoo's Bugzilla – Attachment 381670 Details for Bug 514686
<dev-lang/python-{2.7.7,3.2.5-r5,3.3.5-r1}: _json module is vulnerable to arbitrary process memory read (CVE-2014-4616)
CVE-2014-4616-json-bounds-check.patch (text/plain), 2.31 KB, created by Andrey Ovcharov on 2014-07-27 19:05:23 UTC
> ># HG changeset patch ># User Benjamin Peterson <benjamin@python.org> ># Date 1397441438 14400 ># Node ID 50c07ed1743da9cd4540d83de0c30bd17aeb41b0 ># Parent 218e28a935ab4494d05215c243e2129625a71893 >in scan_once, prevent the reading of arbitrary memory when passed a negative index > >Bug reported by Guido Vranken. > >Index: Python-2.7.6/Lib/json/tests/test_decode.py >=================================================================== >--- Python-2.7.6.orig/Lib/json/tests/test_decode.py 2014-06-26 18:40:10.825269130 +0200 >+++ Python-2.7.6/Lib/json/tests/test_decode.py 2014-06-26 18:40:21.962323035 +0200 >@@ -60,5 +60,10 @@ > msg = 'escape' > self.assertRaisesRegexp(ValueError, msg, self.loads, s) > >+ def test_negative_index(self): >+ d = self.json.JSONDecoder() >+ self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000) >+ self.assertRaises(ValueError, d.raw_decode, u'a'*42, -50000) >+ > class TestPyDecode(TestDecode, PyTest): pass > class TestCDecode(TestDecode, CTest): pass >Index: Python-2.7.6/Misc/ACKS >=================================================================== >--- Python-2.7.6.orig/Misc/ACKS 2014-06-26 18:40:10.826269135 +0200 >+++ Python-2.7.6/Misc/ACKS 2014-06-26 18:40:21.962323035 +0200 >@@ -1085,6 +1085,7 @@ > Frank Visser > Johannes Vogel > Alex Volkov >+Guido Vranken > Martijn Vries > Niki W. Waibel > Wojtek Walczak >Index: Python-2.7.6/Modules/_json.c >=================================================================== >--- Python-2.7.6.orig/Modules/_json.c 2014-06-26 18:40:10.828269145 +0200 >+++ Python-2.7.6/Modules/_json.c 2014-06-26 18:40:21.965323049 +0200 >@@ -1491,7 +1491,10 @@ > PyObject *res; > char *str = PyString_AS_STRING(pystr); > Py_ssize_t length = PyString_GET_SIZE(pystr); >- if (idx >= length) { >+ if (idx < 0) >+ /* Compatibility with the Python version. */ >+ idx += length; >+ if (idx < 0 || idx >= length) { > PyErr_SetNone(PyExc_StopIteration); > return NULL; > } 
>@@ -1578,7 +1581,10 @@ > PyObject *res; > Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr); > Py_ssize_t length = PyUnicode_GET_SIZE(pystr); >- if (idx >= length) { >+ if (idx < 0) >+ /* Compatibility with Python version. */ >+ idx += length; >+ if (idx < 0 || idx >= length) { > PyErr_SetNone(PyExc_StopIteration); > return NULL; > }
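Review bot: test_negative_index in Lib/json/tests/test_decode.py cannot tell rejection from wrapping, because both assertions use -50000 against 'a'*42 and 'a' never begins a JSON value, so ValueError is the expected outcome at any in-range position as well. Add cases on an input whose wrapped position starts a valid value, covering -1, exactly -length (wraps to 0) and -length - 1 (the first value that must be rejected), for both the str and unicode inputs. The C code shown sets StopIteration while the test expects ValueError from raw_decode, so the test also depends on a conversion done outside the lines in this patch; an assertion on the scanner itself would pin the C behaviour directly.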
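Review bot: in the @@ -1491 hunk of Modules/_json.c, the unbraced `if (idx < 0)` has a comment sitting between the condition and its only statement, `idx += length;`, which is easy to break when a second statement is added later; put braces around the body. The comment also understates the behaviour change: a negative idx in the range -length to -1 is now accepted and counted from the end of the input instead of being rejected, and only values still negative after the addition reach the `idx < 0 || idx >= length` check. Say that explicitly in the comment so callers do not assume every negative index is refused.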
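Review bot: the comment in the @@ -1578 hunk reads "Compatibility with Python version." while the @@ -1491 hunk has "Compatibility with the Python version."; make the two identical. The same normalise-then-check sequence (`if (idx < 0)`, `idx += length;`, `if (idx < 0 || idx >= length)`) is now duplicated for the char and Py_UNICODE paths, so consider a shared macro or inline helper taking idx and length to keep the two bounds checks from drifting apart in later edits.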