diff options
Diffstat (limited to 'meta/recipes-devtools/python/python')
-rw-r--r-- | meta/recipes-devtools/python/python/json-flaw-fix.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/json-flaw-fix.patch b/meta/recipes-devtools/python/python/json-flaw-fix.patch new file mode 100644 index 0000000000..e9a6cca017 --- /dev/null +++ b/meta/recipes-devtools/python/python/json-flaw-fix.patch @@ -0,0 +1,27 @@ + +python: fix _json module arbitrary process memory read vulnerability + +Upstream-Status: submitted + +Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com> + +--- a/Modules/_json.c 2014-07-15 15:37:17.151046356 +0200 ++++ b/Modules/_json.c 2014-07-15 15:38:37.335605042 +0200 +@@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje + PyObject *res; + char *str = PyString_AS_STRING(pystr); + Py_ssize_t length = PyString_GET_SIZE(pystr); +- if (idx >= length) { ++ if ( idx < 0 || idx >= length) { + PyErr_SetNone(PyExc_StopIteration); + return NULL; + } +@@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py + PyObject *res; + Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr); + Py_ssize_t length = PyUnicode_GET_SIZE(pystr); +- if (idx >= length) { ++ if ( idx < 0 || idx >= length) { + PyErr_SetNone(PyExc_StopIteration); + return NULL; + } |