From 0f12cb75c708978f9201c1dd3464d2a8572b4544 Mon Sep 17 00:00:00 2001

From: Charalampos Stratakis <cstratak@redhat.com>

Date: Fri, 8 Jul 2016 20:24:10 +0200

Subject: [PATCH] CVE-2016-5636 fix

---

 Modules/zipimport.c | 9 +++++++++

 1 file changed, 9 insertions(+)

diff --git a/Modules/zipimport.c b/Modules/zipimport.c

index 7240cb4..2e6a61f 100644

--- a/Modules/zipimport.c

+++ b/Modules/zipimport.c

@@ -861,6 +861,10 @@ get_data(char *archive, PyObject *toc_entry)

                           &date, &crc)) {

         return NULL;

     }

+    if (data_size < 0) {

+        PyErr_Format(ZipImportError, "negative data size");

+        return NULL;

+    }

     fp = fopen(archive, "rb");

     if (!fp) {

@@ -895,6 +899,11 @@ get_data(char *archive, PyObject *toc_entry)

         PyMarshal_ReadShortFromFile(fp);        /* local header size */

     file_offset += l;           /* Start of file data */

+    if (data_size > LONG_MAX - 1) {

+        fclose(fp);

+        PyErr_NoMemory();

+        return NULL;

+    }

     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?

                                           data_size : data_size + 1);

     if (raw_data == NULL) {

-- 

2.7.4