diff --git a/SOURCES/fix-heap-overflow.patch b/SOURCES/fix-heap-overflow.patch
new file mode 100644
index 0000000..dab7a7c
--- /dev/null
+++ b/SOURCES/fix-heap-overflow.patch
@@ -0,0 +1,16 @@
+diff -ru subprocess32-3.2.6/_posixsubprocess_helpers.c subprocess32-3.2.6_patched/_posixsubprocess_helpers.c
+--- subprocess32-3.2.6/_posixsubprocess_helpers.c 2012-06-09 08:31:40.000000000 +0200
++++ subprocess32-3.2.6_patched/_posixsubprocess_helpers.c 2018-08-22 16:38:07.485734481 +0200
+@@ -110,6 +110,12 @@
+ if (argc == -1)
+ return NULL;
+
++ /* Avoid 32-bit overflows to malloc() from unreasonable values. */
++ if (argc > 0x10000000) {
++ PyErr_NoMemory();
++ return NULL;
++ }
++
+ array = malloc((argc + 1) * sizeof(char *));
+ if (array == NULL) {
+ PyErr_NoMemory();
diff --git a/SPECS/python-subprocess32.spec b/SPECS/python-subprocess32.spec
index 2347399..b382ae9 100644
--- a/SPECS/python-subprocess32.spec
+++ b/SPECS/python-subprocess32.spec
@@ -8,7 +8,7 @@ Name: python-subprocess32
 Version: 3.2.6
-Release: 13%{?dist}
+Release: 14%{?dist}
 Summary: Backport of subprocess module from Python 3.2 to Python 2.*
 License: Python
@@ -18,6 +18,10 @@ Source0: https://files.pythonhosted.org/packages/source/s/%{srcname}/%{sr
 BuildRequires: python2-devel
 BuildRequires: python-test
+# Fix heap overflow when parsing too many arguments
+# upstream fix: https://github.com/google/python-subprocess32/pull/55
+Patch0: fix-heap-overflow.patch
+
 %global _description\
 Backport of the subprocess module from Python 3.2 for use on 2.x.\
@@ -33,6 +37,8 @@ Summary: %summary
 %prep
 %setup -q -n subprocess32-%{version}
+%patch0 -p1
+
 %build
 %py2_build
@@ -55,6 +61,10 @@ PYTHONPATH=$(pwd) %{__python2} test_subprocess32.py
 %changelog
+* Mon Nov 26 2018 Marcel Plch - 3.2.6-14
+- Backport upstream patch for heap overflow when parsing too many arguments
+- Resolves: rhbz#1619386
+
 * Mon May 21 2018 Charalampos Stratakis - 3.2.6-13
 - Import into RHEL 7.6 (rhbz#1440695)
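Review bot: The bound `0x10000000` in the guard added by `SOURCES/fix-heap-overflow.patch` (the `_posixsubprocess_helpers.c` hunk) is a bare magic number, and the comment above it does not say how it relates to the `malloc((argc + 1) * sizeof(char *))` that follows. A comment such as `/* 2^28 entries: (argc + 1) * sizeof(char *) stays below 2^32 with 4-byte pointers */` would let a reader check the arithmetic. Alternatively the limit could be derived from the allocation itself, e.g. `if ((size_t)argc > SIZE_MAX / sizeof(char *) - 1)`, provided `SIZE_MAX` is available in that file and the deliberately lower cap on "unreasonable values" is not wanted. The declaration of `argc` and the loop that fills `array` lie outside the hunk, so it cannot be confirmed here that the number of elements written always matches the `argc` that sized the buffer.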