aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python/json-flaw-fix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/python/python/json-flaw-fix.patch')
-rw-r--r--meta/recipes-devtools/python/python/json-flaw-fix.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/json-flaw-fix.patch b/meta/recipes-devtools/python/python/json-flaw-fix.patch
new file mode 100644
index 0000000000..e9a6cca017
--- /dev/null
+++ b/meta/recipes-devtools/python/python/json-flaw-fix.patch
@@ -0,0 +1,27 @@
+
+python: fix _json module arbitrary process memory read vulnerability
+
+Upstream-Status: submitted
+
+Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
+
+--- a/Modules/_json.c 2014-07-15 15:37:17.151046356 +0200
++++ b/Modules/_json.c 2014-07-15 15:38:37.335605042 +0200
+@@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje
+ PyObject *res;
+ char *str = PyString_AS_STRING(pystr);
+ Py_ssize_t length = PyString_GET_SIZE(pystr);
+- if (idx >= length) {
++ if ( idx < 0 || idx >= length) {
+ PyErr_SetNone(PyExc_StopIteration);
+ return NULL;
+ }
+@@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py
+ PyObject *res;
+ Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
+ Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
+- if (idx >= length) {
++ if ( idx < 0 || idx >= length) {
+ PyErr_SetNone(PyExc_StopIteration);
+ return NULL;
+ }
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-27 06:30:16 +0000