mirror of
https://git.yoctoproject.org/poky
synced 2026-02-05 16:28:43 +01:00
d1fdd0ad55
Affects python3 < 3.5.1 Base Score (4.4) Medium (From OE-Core rev: a7cbd6805febadaad60d1e05899e10e9a8a36c26) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
|
|
# HG changeset patch
|
|
# User Benjamin Peterson <benjamin@python.org>
|
|
# Date 1453357506 28800
|
|
# Node ID 10dad6da1b28ea4af78ad9529e469fdbf4ebbc8f
|
|
# Parent a3ac2cd93db9d5336dfd7b5b27efde2c568d8794# Parent 01ddd608b85c85952537d95a43bbabf4fb655057
|
|
merge 3.4 (#26171)
|
|
|
|
Upstream-Status: Backport
|
|
CVE: CVE-2016-5636
|
|
|
|
https://hg.python.org/cpython/raw-rev/10dad6da1b28
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
Index: Python-3.5.1/Misc/NEWS
|
|
===================================================================
|
|
--- Python-3.5.1.orig/Misc/NEWS
|
|
+++ Python-3.5.1/Misc/NEWS
|
|
@@ -91,6 +91,9 @@ Core and Builtins
|
|
Python.h header to fix a compilation error with OpenMP. PyThreadState_GET()
|
|
becomes an alias to PyThreadState_Get() to avoid ABI incompatibilies.
|
|
|
|
+- Issue #26171: Fix possible integer overflow and heap corruption in
|
|
+ zipimporter.get_data().
|
|
+
|
|
Library
|
|
-------
|
|
|
|
Index: Python-3.5.1/Modules/zipimport.c
|
|
===================================================================
|
|
--- Python-3.5.1.orig/Modules/zipimport.c
|
|
+++ Python-3.5.1/Modules/zipimport.c
|
|
@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
|
|
}
|
|
file_offset += l; /* Start of file data */
|
|
|
|
+ if (data_size > LONG_MAX - 1) {
|
|
+ fclose(fp);
|
|
+ PyErr_NoMemory();
|
|
+ return NULL;
|
|
+ }
|
|
bytes_size = compress == 0 ? data_size : data_size + 1;
|
|
if (bytes_size == 0)
|
|
bytes_size++;
|