From 11f02102748b99db28a85205985e279724b14deb9c8db51c5ab107e0f6c8af7b Mon Sep 17 00:00:00 2001 From: Jan Matejek Date: Thu, 13 Feb 2014 16:49:05 +0000 Subject: [PATCH] - CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=161 --- CVE-2014-1912-recvfrom_into.patch | 54 +++++++++++++++++++++++++++++++ python-base.changes | 2 ++ python-base.spec | 3 ++ python-doc.spec | 3 ++ python.spec | 3 ++ 5 files changed, 65 insertions(+) create mode 100644 CVE-2014-1912-recvfrom_into.patch diff --git a/CVE-2014-1912-recvfrom_into.patch b/CVE-2014-1912-recvfrom_into.patch new file mode 100644 index 0000000..6b8551f --- /dev/null +++ b/CVE-2014-1912-recvfrom_into.patch @@ -0,0 +1,54 @@ + +# HG changeset patch +# User Benjamin Peterson +# Date 1389671978 18000 +# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9 +# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8 +complain when nbytes > buflen to fix possible buffer overflow (closes #20246) + +diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py +--- a/Lib/test/test_socket.py ++++ b/Lib/test/test_socket.py +@@ -1620,6 +1620,16 @@ class BufferIOTest(SocketConnectedTest): + + _testRecvFromIntoMemoryview = _testRecvFromIntoArray + ++ def testRecvFromIntoSmallBuffer(self): ++ # See issue #20246. ++ buf = bytearray(8) ++ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024) ++ ++ def _testRecvFromIntoSmallBuffer(self): ++ with test_support.check_py3k_warnings(): ++ buf = buffer(MSG) ++ self.serv_conn.send(buf) ++ + + TIPC_STYPE = 2000 + TIPC_LOWER = 200 +diff --git a/Misc/ACKS b/Misc/ACKS +--- a/Misc/ACKS ++++ b/Misc/ACKS +@@ -979,6 +979,7 @@ Eric V. Smith + Christopher Smith + Gregory P. Smith + Roy Smith ++Ryan Smith-Roberts + Rafal Smotrzyk + Dirk Soede + Paul Sokolovsky +diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c +--- a/Modules/socketmodule.c ++++ b/Modules/socketmodule.c +@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s + if (recvlen == 0) { + /* If nbytes was not specified, use the buffer's length */ + recvlen = buflen; ++ } else if (recvlen > buflen) { ++ PyErr_SetString(PyExc_ValueError, ++ "nbytes is greater than the length of the buffer"); ++ goto error; + } + + readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr); + diff --git a/python-base.changes b/python-base.changes index 32d6f16..2c66a83 100644 --- a/python-base.changes +++ b/python-base.changes @@ -12,6 +12,8 @@ Mon Feb 10 14:24:52 UTC 2014 - jmatejek@suse.com (bnc#857470, issue18045) - multilib patch: add "~/.local/lib64" paths to search path (bnc#637176) +- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow + in socket.recvfrom_into (CVE-2014-1912, bnc#863741) ------------------------------------------------------------------- Tue Dec 10 16:56:02 UTC 2013 - uweigand@de.ibm.com diff --git a/python-base.spec b/python-base.spec index 212fc31..f5b6a67 100644 --- a/python-base.spec +++ b/python-base.spec @@ -60,6 +60,8 @@ Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch # [bnc#857470] add missing import to bdist_rpm command Patch30: python-2.7.6-bdist-rpm.patch +# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into +Patch31: CVE-2014-1912-recvfrom_into.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -159,6 +161,7 @@ other applications. %patch28 -p1 %patch29 -p1 %patch30 -p1 +%patch31 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/python-doc.spec b/python-doc.spec index d345c69..a6ca3ab 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -65,6 +65,8 @@ Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch # [bnc#857470] add missing import to bdist_rpm command Patch30: python-2.7.6-bdist-rpm.patch +# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into +Patch31: CVE-2014-1912-recvfrom_into.patch # COMMON-PATCH-END Provides: pyth_doc Provides: pyth_ps @@ -118,6 +120,7 @@ Python, and Macintosh Module Reference in PDF format. %patch28 -p1 %patch29 -p1 %patch30 -p1 +%patch31 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/python.spec b/python.spec index ff0262e..0983671 100644 --- a/python.spec +++ b/python.spec @@ -66,6 +66,8 @@ Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch # [bnc#857470] add missing import to bdist_rpm command Patch30: python-2.7.6-bdist-rpm.patch +# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into +Patch31: CVE-2014-1912-recvfrom_into.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -195,6 +197,7 @@ implementation of the standard Unix DBM databases. %patch28 -p1 %patch29 -p1 %patch30 -p1 +%patch31 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac