rpms / python

Clone
Source Code
GIT

Blame SOURCES/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c7-sig-altarch-armhfp
  1.   f350fcaea2b604e7cfb454abe8e54fe792ea8bf9
  2.   SOURCES
  3.   00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch
Blob History Raw
04a680 
From 0f12cb75c708978f9201c1dd3464d2a8572b4544 Mon Sep 17 00:00:00 2001
04a680 
From: Charalampos Stratakis <cstratak@redhat.com>
04a680 
Date: Fri, 8 Jul 2016 20:24:10 +0200
04a680 
Subject: [PATCH] CVE-2016-5636 fix
04a680
04a680 
---
04a680 
 Modules/zipimport.c | 9 +++++++++
04a680 
 1 file changed, 9 insertions(+)
04a680
04a680 
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
04a680 
index 7240cb4..2e6a61f 100644
04a680 
--- a/Modules/zipimport.c
04a680 
+++ b/Modules/zipimport.c
04a680 
@@ -861,6 +861,10 @@ get_data(char *archive, PyObject *toc_entry)
04a680 
                           &date, &crc)) {
04a680 
         return NULL;
04a680 
     }
04a680 
+    if (data_size < 0) {
04a680 
+        PyErr_Format(ZipImportError, "negative data size");
04a680 
+        return NULL;
04a680 
+    }
04a680
04a680 
     fp = fopen(archive, "rb");
04a680 
     if (!fp) {
04a680 
@@ -895,6 +899,11 @@ get_data(char *archive, PyObject *toc_entry)
04a680 
         PyMarshal_ReadShortFromFile(fp);        /* local header size */
04a680 
     file_offset += l;           /* Start of file data */
04a680
04a680 
+    if (data_size > LONG_MAX - 1) {
04a680 
+        fclose(fp);
04a680 
+        PyErr_NoMemory();
04a680 
+        return NULL;
04a680 
+    }
04a680 
     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
04a680 
                                           data_size : data_size + 1);
04a680 
     if (raw_data == NULL) {
04a680 
--
04a680 
2.7.4
04a680

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation