- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow

in socket.recvfrom_into (CVE-2014-1912, bnc#863741) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=161
2014-02-13 16:49:05 +00:00 · 2014-02-13 16:49:05 +00:00 · 11f0210274
commit 11f0210274
parent 765b7c8fe4
5 changed files with 65 additions and 0 deletions
--- a/CVE-2014-1912-recvfrom_into.patch
+++ b/CVE-2014-1912-recvfrom_into.patch
@ -0,0 +1,54 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1389671978 18000
+# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
+# Parent  2631d33ee7fbd5f0288931ef37872218d511d2e8
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
+++ b/Lib/test/test_socket.py
+@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
+    def testRecvFromIntoSmallBuffer(self):
+        # See issue #20246.
+        buf = bytearray(8)
+        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+    def _testRecvFromIntoSmallBuffer(self):
+        with test_support.check_py3k_warnings():
+            buf = buffer(MSG)
+        self.serv_conn.send(buf)
+
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Misc/ACKS b/Misc/ACKS
+--- a/Misc/ACKS
+++ b/Misc/ACKS
+@@ -979,6 +979,7 @@ Eric V. Smith
+ Christopher Smith
+ Gregory P. Smith
+ Roy Smith
+Ryan Smith-Roberts
+ Rafal Smotrzyk
+ Dirk Soede
+ Paul Sokolovsky
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
+@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        goto error;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+
--- a/python-base.changes
+++ b/python-base.changes
@ -12,6 +12,8 @@ Mon Feb 10 14:24:52 UTC 2014 - jmatejek@suse.com
  (bnc#857470, issue18045)
 - multilib patch: add "~/.local/lib64" paths to search path
  (bnc#637176)
+- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow
+  in socket.recvfrom_into (CVE-2014-1912, bnc#863741)

 -------------------------------------------------------------------
 Tue Dec 10 16:56:02 UTC 2013 - uweigand@de.ibm.com
--- a/python-base.spec
+++ b/python-base.spec
@ -60,6 +60,8 @@ Patch28:        smtplib_maxline-2.7.patch
 Patch29:        python-2.7.6-poplib.patch
 # [bnc#857470] add missing import to bdist_rpm command
 Patch30:        python-2.7.6-bdist-rpm.patch
+# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
+Patch31:        CVE-2014-1912-recvfrom_into.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@ -159,6 +161,7 @@ other applications.
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
+%patch31 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/python-doc.spec
+++ b/python-doc.spec
@ -65,6 +65,8 @@ Patch28:        smtplib_maxline-2.7.patch
 Patch29:        python-2.7.6-poplib.patch
 # [bnc#857470] add missing import to bdist_rpm command
 Patch30:        python-2.7.6-bdist-rpm.patch
+# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
+Patch31:        CVE-2014-1912-recvfrom_into.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc
 Provides:       pyth_ps
@ -118,6 +120,7 @@ Python, and Macintosh Module Reference in PDF format.
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
+%patch31 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/python.spec
+++ b/python.spec
@ -66,6 +66,8 @@ Patch28:        smtplib_maxline-2.7.patch
 Patch29:        python-2.7.6-poplib.patch
 # [bnc#857470] add missing import to bdist_rpm command
 Patch30:        python-2.7.6-bdist-rpm.patch
+# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
+Patch31:        CVE-2014-1912-recvfrom_into.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@ -195,6 +197,7 @@ implementation of the standard Unix DBM databases.
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
+%patch31 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac