aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python3/CVE-2016-5636.patch
blob: 0d494d20f49d17ea31419ecc645fd7691c010535 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1453357506 28800
# Node ID 10dad6da1b28ea4af78ad9529e469fdbf4ebbc8f
# Parent  a3ac2cd93db9d5336dfd7b5b27efde2c568d8794# Parent  01ddd608b85c85952537d95a43bbabf4fb655057
merge 3.4 (#26171)

Upstream-Status: Backport
CVE: CVE-2016-5636

https://hg.python.org/cpython/raw-rev/10dad6da1b28
Signed-off-by: Armin Kuster <akuster@mvista.com>

Index: Python-3.5.1/Misc/NEWS
===================================================================
--- Python-3.5.1.orig/Misc/NEWS
+++ Python-3.5.1/Misc/NEWS
@@ -91,6 +91,9 @@ Core and Builtins
   Python.h header to fix a compilation error with OpenMP. PyThreadState_GET()
   becomes an alias to PyThreadState_Get() to avoid ABI incompatibilies.
 
+- Issue #26171: Fix possible integer overflow and heap corruption in
+  zipimporter.get_data().
+
 Library
 -------
 
Index: Python-3.5.1/Modules/zipimport.c
===================================================================
--- Python-3.5.1.orig/Modules/zipimport.c
+++ Python-3.5.1/Modules/zipimport.c
@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
     }
     file_offset += l;           /* Start of file data */
 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
     bytes_size = compress == 0 ? data_size : data_size + 1;
     if (bytes_size == 0)
         bytes_size++;