Naresh(OpenERP) has proposed merging
lp:~openerp-dev/openobject-client/trunk-bug-671926-nch into
lp:openobject-client.
Requested reviews:
OpenERP sa GTK client R&D (openerp-dev-gtk)
For more details, see:
https://code.launchpad.net/~openerp-dev/openobject-client/trunk-bug-671926-nch/+merge/66747
Your team OpenERP sa GTK client R&D is requested to review the proposed merge
of lp:~openerp-dev/openobject-client/trunk-bug-671926-nch into
lp:openobject-client.
=== modified file 'bin/tiny_socket.py'
--- bin/tiny_socket.py 2010-01-12 09:24:17 +0000
+++ bin/tiny_socket.py 2011-07-04 05:47:20 +0000
@@ -21,6 +21,7 @@
import socket
import cPickle
+import cStringIO
import sys
import options
@@ -42,6 +43,16 @@
self.faultString = faultString
self.args = (faultCode, faultString)
+# Safety class instance loader for unpickling.
+# Inspired by http://nadiana.com/python-pickle-insecure#How_to_Make_Unpickling_Safer
+SAFE_CLASSES = { 'exceptions' : ['Exception'] }
+def find_global(module, name):
+ if module not in SAFE_CLASSES or name not in SAFE_CLASSES[module]:
+ raise cPickle.UnpicklingError('Unsafe pickled data')
+ __import__(module)
+ mod = sys.modules[module]
+ return getattr(mod, name)
+
class mysocket:
def __init__(self, sock=None):
if sock is None:
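Review bot: SAFE_CLASSES in this hunk permits only `exceptions.Exception`, but the caller in the next hunk tests `isinstance(res[0],Exception)`, which also matches subclasses. Any reply that pickles an exception subclass, or any other class instance, will now fail in `find_global` with `cPickle.UnpicklingError('Unsafe pickled data')`. Please confirm which classes the server actually sends over this socket and list them explicitly in SAFE_CLASSES. It would also help to give `find_global` a docstring stating that it is an allowlist hook for the unpickler and that new entries need review, and to include the rejected `module` and `name` in the error message so a legitimate rejection can be diagnosed from the client log.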
@@ -84,7 +95,11 @@
size = int(read(self.sock, 8))
buf = read(self.sock, 1)
exception = buf != '0' and buf or False
- res = cPickle.loads(read(self.sock, size))
+ buf = read(self.sock, size)
+ msgio = cStringIO.StringIO(buf)
+ unpickler = cPickle.Unpickler(msgio)
+ unpickler.find_global = find_global
+ res = unpickler.load()
if isinstance(res[0],Exception):
if exception:
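Review bot: `unpickler.load()` can now raise `cPickle.UnpicklingError` from `find_global`, and nothing in the visible lines catches it, so a rejected payload surfaces to callers as a raw pickle error rather than through the `exception` path handled just below. Consider catching it here and reporting it in the same way as other server faults. Reading the full `size` bytes before unpickling is good, since the stream stays framed even when the payload is rejected. As a style point, `buf` is reused for the payload right after `exception` was derived from it in `exception = buf != '0' and buf or False`; a separate name for the payload would make the ordering dependency less fragile.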