Diffstat (limited to 'meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch')
-rw-r--r--meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch75
1 files changed, 0 insertions, 75 deletions
diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch
deleted file mode 100644
index 60ef145c7c..0000000000
--- a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2014-7185.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 104eb318283dde5203aa6cf7384287bef181e308 Mon Sep 17 00:00:00 2001
-From: Wenzong Fan <wenzong.fan@windriver.com>
-Date: Wed, 12 Nov 2014 01:58:02 -0500
-Subject: [PATCH] python: fix CVE-2014-7185
-
-Reference: http://bugs.python.org/issue21831
-
-CVE-2014-7185: Integer overflow in bufferobject.c in Python before
-2.7.8 allows context-dependent attackers to obtain sensitive
-information from process memory via a large size and offset in a
-"buffer" function.
-
-Upstream-Status: Backport
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
----
- Lib/test/test_buffer.py | 6 ++++++
- Misc/NEWS | 3 +++
- Objects/bufferobject.c | 2 +-
- 3 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/Lib/test/test_buffer.py b/Lib/test/test_buffer.py
-index 6bdc34d..3ac1f8c 100644
---- a/Lib/test/test_buffer.py
-+++ b/Lib/test/test_buffer.py
-@@ -4,6 +4,7 @@ For now, tests just new or changed functionality.
-
- """
-
-+import sys
- import unittest
- from test import test_support
-
-@@ -21,6 +22,11 @@ class BufferTests(unittest.TestCase):
- self.assertEqual(b[start:stop:step],
- s[start:stop:step])
-
-+ def test_large_buffer_size_and_offset(self):
-+ data = bytearray('hola mundo')
-+ buf = buffer(data, sys.maxsize, sys.maxsize)
-+ self.assertEqual(buf[:4096], "")
-+
-
- def test_main():
- with test_support.check_py3k_warnings(("buffer.. not supported",
-diff --git a/Misc/NEWS b/Misc/NEWS
-index e8778ad..77396c5 100644
---- a/Misc/NEWS
-+++ b/Misc/NEWS
-@@ -1896,6 +1896,9 @@ What's New in Python 2.7 Release Candidate 1?
- Core and Builtins
- -----------------
-
-+- Issue #21831: Avoid integer overflow when large sizes and offsets are given to
-+ the buffer type. CVE-2014-7185.
-+
- - Issue #8271: during the decoding of an invalid UTF-8 byte sequence, only the
- start byte and the continuation byte(s) are now considered invalid, instead
- of the number of bytes specified by the start byte.
-diff --git a/Objects/bufferobject.c b/Objects/bufferobject.c
-index c52f0bc..c542506 100644
---- a/Objects/bufferobject.c
-+++ b/Objects/bufferobject.c
-@@ -88,7 +88,7 @@ get_buf(PyBufferObject *self, void **ptr, Py_ssize_t *size,
- *size = count;
- else
- *size = self->b_size;
-- if (offset + *size > count)
-+ if (*size > count - offset)
- *size = count - offset;
- }
- return 1;
---
-1.7.9.5
-