diff options
Diffstat (limited to 'meta/recipes-devtools/python/python/CVE-2016-5636.patch')
-rw-r--r-- | meta/recipes-devtools/python/python/CVE-2016-5636.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/meta/recipes-devtools/python/python/CVE-2016-5636.patch b/meta/recipes-devtools/python/python/CVE-2016-5636.patch deleted file mode 100644 index 9a37471459..0000000000 --- a/meta/recipes-devtools/python/python/CVE-2016-5636.patch +++ /dev/null @@ -1,44 +0,0 @@ - -# HG changeset patch -# User Benjamin Peterson <benjamin@python.org> -# Date 1453357424 28800 -# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d -# Parent 7ec954b9fc54448a35b56d271340ba109eb381b9 -prevent buffer overflow in get_data (closes #26171) - -Upstream-Status: Backport -https://hg.python.org/cpython/rev/985fc64c60d6 - -CVE: CVE-2016-5636 -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: Python-2.7.11/Misc/NEWS -=================================================================== ---- Python-2.7.11.orig/Misc/NEWS -+++ Python-2.7.11/Misc/NEWS -@@ -7,6 +7,9 @@ What's New in Python 2.7.11? - - *Release date: 2015-12-05* - -+- Issue #26171: Fix possible integer overflow and heap corruption in -+ zipimporter.get_data(). -+ - Library - ------- - -Index: Python-2.7.11/Modules/zipimport.c -=================================================================== ---- Python-2.7.11.orig/Modules/zipimport.c -+++ Python-2.7.11/Modules/zipimport.c -@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en - PyMarshal_ReadShortFromFile(fp); /* local header size */ - file_offset += l; /* Start of file data */ - -+ if (data_size > LONG_MAX - 1) { -+ fclose(fp); -+ PyErr_NoMemory(); -+ return NULL; -+ } - raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ? - data_size : data_size + 1); - if (raw_data == NULL) { |