python-interpreters/python311
SHA256
6
0
Fork 0
forked from pool/python311
Code Pull Requests Activity

Use the upstream patch

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=179
This commit is contained in:
Matej Cepl
2025-05-27 14:13:40 +00:00
committed by Git OBS Bridge
parent dd50740cbc
commit 0112763487
1 changed files with 38 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
CVE-2025-4516-DecodeError-handler.patch
View File

@@ -1,7 +1,7 @@
From a75953b347716fff694aa59a7c7c2489fa50d1f5 Mon Sep 17 00:00:00 2001 From 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com> From: Serhiy Storchaka <storchaka@gmail.com>
Date: Tue, 20 May 2025 15:46:57 +0300 Date: Tue, 20 May 2025 15:46:57 +0300
Subject: [PATCH] [3.12] gh-133767: Fix use-after-free in the unicode-escape Subject: [PATCH] [3.11] gh-133767: Fix use-after-free in the unicode-escape
decoder with an error handler (GH-129648) (GH-133944) decoder with an error handler (GH-129648) (GH-133944)
If the error handler is used, a new bytes object is created to set as If the error handler is used, a new bytes object is created to set as
@@ -15,6 +15,7 @@ use the error handlers registry, but it should be changed for compatibility
with _PyUnicode_DecodeUnicodeEscapeInternal(). with _PyUnicode_DecodeUnicodeEscapeInternal().
(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) (cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e)
(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) (cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d)
(cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
--- ---
@@ -23,16 +24,16 @@ Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/test/test_codeccallbacks.py | 39 ++++++ Lib/test/test_codeccallbacks.py | 39 ++++++
Lib/test/test_codecs.py | 52 ++++++-- Lib/test/test_codecs.py | 52 ++++++--
Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2
Objects/bytesobject.c | 54 +++++--- Objects/bytesobject.c | 56 ++++++--
Objects/unicodeobject.c | 61 +++++++--- Objects/unicodeobject.c | 63 +++++++---
Parser/string_parser.c | 26 ++-- Parser/string_parser.c | 24 ++-
8 files changed, 194 insertions(+), 57 deletions(-) 8 files changed, 197 insertions(+), 56 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst
Index: Python-3.11.12/Include/cpython/bytesobject.h Index: Python-3.11.12/Include/cpython/bytesobject.h
=================================================================== ===================================================================
--- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-04-08 14:15:29.000000000 +0000 --- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-05-27 16:12:54.739976905 +0200
+++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-22 12:57:58.382969999 +0000 +++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-27 16:13:11.519989563 +0200
@@ -25,6 +25,10 @@ @@ -25,6 +25,10 @@
int use_bytearray); int use_bytearray);
@@ -46,8 +47,8 @@ Index: Python-3.11.12/Include/cpython/bytesobject.h
Index: Python-3.11.12/Include/cpython/unicodeobject.h Index: Python-3.11.12/Include/cpython/unicodeobject.h
=================================================================== ===================================================================
--- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-04-08 14:15:29.000000000 +0000 --- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-05-27 16:12:54.739976905 +0200
+++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-22 12:57:58.383963607 +0000 +++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-27 16:13:11.520156067 +0200
@@ -914,6 +914,19 @@ @@ -914,6 +914,19 @@
); );
/* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape
@@ -70,8 +71,8 @@ Index: Python-3.11.12/Include/cpython/unicodeobject.h
Py_ssize_t length, /* size of string */ Py_ssize_t length, /* size of string */
Index: Python-3.11.12/Lib/test/test_codeccallbacks.py Index: Python-3.11.12/Lib/test/test_codeccallbacks.py
=================================================================== ===================================================================
--- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-22 12:57:49.587342695 +0000 --- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:12:54.739976905 +0200
+++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-22 12:57:58.384369150 +0000 +++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-27 16:13:11.520378996 +0200
@@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
import codecs import codecs
import html.entities import html.entities
@@ -134,8 +135,8 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py
# better generating one more character to fill the extra space slot # better generating one more character to fill the extra space slot
Index: Python-3.11.12/Lib/test/test_codecs.py Index: Python-3.11.12/Lib/test/test_codecs.py
=================================================================== ===================================================================
--- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-22 12:57:49.608177948 +0000 --- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-27 16:12:54.739976905 +0200
+++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-22 12:57:58.385050493 +0000 +++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-27 16:13:11.520814977 +0200
@@ -1198,23 +1198,39 @@ @@ -1198,23 +1198,39 @@
check(br"[\1010]", b"[A0]") check(br"[\1010]", b"[A0]")
check(br"[\x41]", b"[A]") check(br"[\x41]", b"[A]")
@@ -230,14 +231,14 @@ Index: Python-3.11.12/Lib/test/test_codecs.py
Index: Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst Index: Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst
=================================================================== ===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-22 12:57:58.385668586 +0000 +++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:13:11.521185394 +0200
@@ -0,0 +1,2 @@ @@ -0,0 +1,2 @@
+Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error
+handler. +handler.
Index: Python-3.11.12/Objects/bytesobject.c Index: Python-3.11.12/Objects/bytesobject.c
=================================================================== ===================================================================
--- Python-3.11.12.orig/Objects/bytesobject.c 2025-04-08 14:15:29.000000000 +0000 --- Python-3.11.12.orig/Objects/bytesobject.c 2025-05-27 16:12:54.739976905 +0200
+++ Python-3.11.12/Objects/bytesobject.c 2025-05-22 12:57:58.386149592 +0000 +++ Python-3.11.12/Objects/bytesobject.c 2025-05-27 16:13:11.521614202 +0200
@@ -1057,10 +1057,11 @@ @@ -1057,10 +1057,11 @@
} }
@@ -290,7 +291,7 @@ Index: Python-3.11.12/Objects/bytesobject.c
} }
*p++ = '\\'; *p++ = '\\';
s--; s--;
@@ -1171,23 +1175,37 @@ @@ -1171,23 +1175,39 @@
return NULL; return NULL;
} }
@@ -328,15 +329,17 @@ Index: Python-3.11.12/Objects/bytesobject.c
- if ('4' <= c && c <= '7') { - if ('4' <= c && c <= '7') {
+ if (first_invalid_escape_char != -1) { + if (first_invalid_escape_char != -1) {
+ if (first_invalid_escape_char > 0xff) { + if (first_invalid_escape_char > 0xff) {
+ char buf[12] = "";
+ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char);
if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
- "invalid octal escape sequence '\\%.3s'", - "invalid octal escape sequence '\\%.3s'",
- first_invalid_escape) < 0) - first_invalid_escape) < 0)
+ "invalid octal escape sequence '\\%o'", + "invalid octal escape sequence '\\%s'",
+ first_invalid_escape_char) < 0) + buf) < 0)
{ {
Py_DECREF(result); Py_DECREF(result);
return NULL; return NULL;
@@ -1196,7 +1214,7 @@ @@ -1196,7 +1216,7 @@
else { else {
if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
"invalid escape sequence '\\%c'", "invalid escape sequence '\\%c'",
@@ -347,8 +350,8 @@ Index: Python-3.11.12/Objects/bytesobject.c
return NULL; return NULL;
Index: Python-3.11.12/Objects/unicodeobject.c Index: Python-3.11.12/Objects/unicodeobject.c
=================================================================== ===================================================================
--- Python-3.11.12.orig/Objects/unicodeobject.c 2025-04-08 14:15:29.000000000 +0000 --- Python-3.11.12.orig/Objects/unicodeobject.c 2025-05-27 16:12:54.739976905 +0200
+++ Python-3.11.12/Objects/unicodeobject.c 2025-05-22 12:57:58.387970080 +0000 +++ Python-3.11.12/Objects/unicodeobject.c 2025-05-27 16:13:11.523098541 +0200
@@ -6301,20 +6301,23 @@ @@ -6301,20 +6301,23 @@
static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; static _PyUnicode_Name_CAPI *ucnhash_capi = NULL;
@@ -408,7 +411,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c
} }
WRITE_ASCII_CHAR('\\'); WRITE_ASCII_CHAR('\\');
WRITE_CHAR(c); WRITE_CHAR(c);
@@ -6544,24 +6553,40 @@ @@ -6544,24 +6553,42 @@
return NULL; return NULL;
} }
@@ -449,15 +452,17 @@ Index: Python-3.11.12/Objects/unicodeobject.c
- if ('4' <= c && c <= '7') { - if ('4' <= c && c <= '7') {
+ if (first_invalid_escape_char != -1) { + if (first_invalid_escape_char != -1) {
+ if (first_invalid_escape_char > 0xff) { + if (first_invalid_escape_char > 0xff) {
+ char buf[12] = "";
+ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char);
if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
- "invalid octal escape sequence '\\%.3s'", - "invalid octal escape sequence '\\%.3s'",
- first_invalid_escape) < 0) - first_invalid_escape) < 0)
+ "invalid octal escape sequence '\\%o'", + "invalid octal escape sequence '\\%s'",
+ first_invalid_escape_char) < 0) + buf) < 0)
{ {
Py_DECREF(result); Py_DECREF(result);
return NULL; return NULL;
@@ -6570,7 +6595,7 @@ @@ -6570,7 +6597,7 @@
else { else {
if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
"invalid escape sequence '\\%c'", "invalid escape sequence '\\%c'",
@@ -468,9 +473,9 @@ Index: Python-3.11.12/Objects/unicodeobject.c
return NULL; return NULL;
Index: Python-3.11.12/Parser/string_parser.c Index: Python-3.11.12/Parser/string_parser.c
=================================================================== ===================================================================
--- Python-3.11.12.orig/Parser/string_parser.c 2025-04-08 14:15:29.000000000 +0000 --- Python-3.11.12.orig/Parser/string_parser.c 2025-05-27 16:12:54.739976905 +0200
+++ Python-3.11.12/Parser/string_parser.c 2025-05-22 14:13:25.035587017 +0000 +++ Python-3.11.12/Parser/string_parser.c 2025-05-27 16:13:11.524051710 +0200
@@ -130,13 +130,16 @@ @@ -130,12 +130,15 @@
len = p - buf; len = p - buf;
s = buf; s = buf;
@@ -485,14 +490,12 @@ Index: Python-3.11.12/Parser/string_parser.c
- if (v != NULL && first_invalid_escape != NULL) { - if (v != NULL && first_invalid_escape != NULL) {
- if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { - if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) {
- /* We have not decref u before because first_invalid_escape points - /* We have not decref u before because first_invalid_escape points
- inside u. */ + if (v != NULL && first_invalid_escape_ptr != NULL) {
+ if (v != NULL && first_invalid_escape_ptr != NULL && t != NULL) {
+ if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { + if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) {
+ /* We have not decref u before because first_invalid_escape_ptr + /* We have not decref u before because first_invalid_escape_ptr points
+ points inside u. */ inside u. */
Py_XDECREF(u); Py_XDECREF(u);
Py_DECREF(v); Py_DECREF(v);
return NULL;
@@ -149,14 +152,17 @@ @@ -149,14 +152,17 @@
static PyObject * static PyObject *
decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t)