[gentoo-commits] gentoo-x86 commit in dev-lang/python/files: python-3.2-CVE-2014-4616.patch python-3.3-CVE-2014-4616.patch

Tue, 29 Jul 2014 00:20:06 -0700 

pinkbyte    14/07/29 07:19:13

  Added:                python-3.2-CVE-2014-4616.patch
                        python-3.3-CVE-2014-4616.patch
  Log:
  Revision bump: add patch for CVE-2014-4616, bug #514686. Drop old revisions. 
Acked by Python team
  
  (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 
0x1F357D42)

Revision  Changes    Path
1.1                  dev-lang/python/files/python-3.2-CVE-2014-4616.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-4616.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.2-CVE-2014-4616.patch?rev=1.1&content-type=text/plain

Index: python-3.2-CVE-2014-4616.patch
===================================================================
# HG changeset patch
# User Benjamin Peterson <benja...@python.org>
# Date 1397441438 14400
# Node ID 50c07ed1743da9cd4540d83de0c30bd17aeb41b0
# Parent  218e28a935ab4494d05215c243e2129625a71893
in scan_once, prevent the reading of arbitrary memory when passed a negative 
index

Bug reported by Guido Vranken.

Index: Python-3.2.5/Lib/json/tests/test_decode.py
===================================================================
--- Python-3.2.5.orig/Lib/test/json_tests/test_decode.py        2014-06-26 
18:40:10.825269130 +0200
+++ Python-3.2.5/Lib/test/json_tests/test_decode.py     2014-06-26 
18:40:21.962323035 +0200
@@ -60,5 +60,9 @@
         msg = 'escape'
         self.assertRaisesRegexp(ValueError, msg, self.loads, s)
 
+    def test_negative_index(self):
+        d = self.json.JSONDecoder()
+        self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)
+
 class TestPyDecode(TestDecode, PyTest): pass
 class TestCDecode(TestDecode, CTest): pass
Index: Python-3.2.5/Modules/_json.c
===================================================================
--- a/Modules/_json.c
+++ b/Modules/_json.c
@@ -930,7 +930,10 @@ scan_once_unicode(PyScannerObject *s, Py
     PyObject *res;
     Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
     Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
-    if (idx >= length) {
+    if (idx < 0)
+        /* Compatibility with Python version. */
+        idx += length;
+    if (idx < 0 || idx >= length) {
         PyErr_SetNone(PyExc_StopIteration);
         return NULL;
     }



1.1                  dev-lang/python/files/python-3.3-CVE-2014-4616.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.3-CVE-2014-4616.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/python/files/python-3.3-CVE-2014-4616.patch?rev=1.1&content-type=text/plain

Index: python-3.3-CVE-2014-4616.patch
===================================================================
# HG changeset patch
# User Benjamin Peterson <benja...@python.org>
# Date 1397441438 14400
# Node ID 50c07ed1743da9cd4540d83de0c30bd17aeb41b0
# Parent  218e28a935ab4494d05215c243e2129625a71893
in scan_once, prevent the reading of arbitrary memory when passed a negative 
index

Bug reported by Guido Vranken.

Index: Python-3.3.5/Lib/json/tests/test_decode.py
===================================================================
--- Python-3.3.5.orig/Lib/test/test_json/test_decode.py 2014-06-26 
18:40:10.825269130 +0200
+++ Python-3.3.5/Lib/test/test_json/test_decode.py      2014-06-26 
18:40:21.962323035 +0200
@@ -60,5 +60,10 @@
         msg = 'escape'
         self.assertRaisesRegexp(ValueError, msg, self.loads, s)
 
+    def test_negative_index(self):
+        d = self.json.JSONDecoder()
+        self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)
+        self.assertRaises(ValueError, d.raw_decode, u'a'*42, -50000)
+
 class TestPyDecode(TestDecode, PyTest): pass
 class TestCDecode(TestDecode, CTest): pass
Index: Python-3.3.5/Misc/ACKS
===================================================================
--- Python-3.3.5.orig/Misc/ACKS 2014-06-26 18:40:10.826269135 +0200
+++ Python-3.3.5/Misc/ACKS      2014-06-26 18:40:21.962323035 +0200
@@ -1085,6 +1085,7 @@
 Frank Visser
 Johannes Vogel
 Alex Volkov
+Guido Vranken
 Martijn Vries
 Niki W. Waibel
 Wojtek Walczak
Index: Python-3.3.5/Modules/_json.c
===================================================================
--- a/Modules/_json.c
+++ b/Modules/_json.c
@@ -975,7 +975,10 @@ scan_once_unicode(PyScannerObject *s, Py
     kind = PyUnicode_KIND(pystr);
     length = PyUnicode_GET_LENGTH(pystr);
 
-    if (idx >= length) {
+    if (idx < 0)
+        /* Compatibility with Python version. */
+        idx += length;
+    if (idx < 0 || idx >= length) {
         PyErr_SetNone(PyExc_StopIteration);
         return NULL;
     }

Reply via email to