mirror of
https://git.yoctoproject.org/poky
synced 2026-02-05 16:28:43 +01:00
e34ad1e27b
A remote user can send specially crafted data to trigger a buffer overflow in socket.recvfrom_into() and execute arbitrary code on the target system. The code will run with the privileges of the target service. This back-ported patch fixes CVE-2014-1912 (From OE-Core rev: 344049ccfa59ae489c35fe0fb7592f7d34720b51) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
27 lines
833 B
Diff
27 lines
833 B
Diff
Upstream-Status: Backport
|
|
|
|
Reference: http://bugs.python.org/issue20246
|
|
|
|
CVE-2014-1912: Python buffer overflow in socket.recvfrom_into()
|
|
lets remote users execute arbitrary code.Original patch by Benjamin Peterson
|
|
|
|
Signed-off-by: Maxin B. John <maxin.john@enea.com>
|
|
---
|
|
diff -r 40fb60df4755 Modules/socketmodule.c
|
|
--- a/Modules/socketmodule.c Sun Jan 12 12:11:47 2014 +0200
|
|
+++ b/Modules/socketmodule.c Mon Jan 13 16:36:35 2014 -0800
|
|
@@ -2744,6 +2744,13 @@
|
|
recvlen = buflen;
|
|
}
|
|
|
|
+ /* Check if the buffer is large enough */
|
|
+ if (buflen < recvlen) {
|
|
+ PyErr_SetString(PyExc_ValueError,
|
|
+ "buffer too small for requested bytes");
|
|
+ goto error;
|
|
+ }
|
|
+
|
|
readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
|
|
if (readlen < 0) {
|
|
/* Return an error */
|