blob: e9a6cca01797abf4a27e1bbc7298757a3452ea4c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
python: fix _json module arbitrary process memory read vulnerability
Upstream-Status: submitted
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
--- a/Modules/_json.c 2014-07-15 15:37:17.151046356 +0200
+++ b/Modules/_json.c 2014-07-15 15:38:37.335605042 +0200
@@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje
PyObject *res;
char *str = PyString_AS_STRING(pystr);
Py_ssize_t length = PyString_GET_SIZE(pystr);
- if (idx >= length) {
+ if ( idx < 0 || idx >= length) {
PyErr_SetNone(PyExc_StopIteration);
return NULL;
}
@@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py
PyObject *res;
Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
- if (idx >= length) {
+ if ( idx < 0 || idx >= length) {
PyErr_SetNone(PyExc_StopIteration);
return NULL;
}
|