diff options
author | Andras Timar <andras.timar@collabora.com> | 2018-07-09 09:48:42 +0200 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2018-07-09 09:48:42 +0200 |
commit | 909f85a3c81095c40153dda5811eee9566441ecb (patch) | |
tree | e24b3d2d26660892beed42a2e2c27c91523278b0 /external | |
parent | 87866d75fbfc72abfde680e3141926644eab7fda (diff) |
Revert "Fix Python CVE-2017-1000158"
This reverts commit bb9c949c31d8a17a34baeaebb7bbac81f9056d61.
Diffstat (limited to 'external')
-rw-r--r-- | external/python3/UnpackedTarball_python3.mk | 1 | ||||
-rw-r--r-- | external/python3/python-3.5.5-CVE-2017-1000158.patch.1 | 62 |
2 files changed, 0 insertions, 63 deletions
diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk index 9ed7a1ccce38..35d6e643a1b0 100644 --- a/external/python3/UnpackedTarball_python3.mk +++ b/external/python3/UnpackedTarball_python3.mk @@ -26,7 +26,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\ external/python3/python-3.3.5-pyexpat-symbols.patch.1 \ external/python3/ubsan.patch.0 \ external/python3/python-3.5.tweak.strip.soabi.patch \ - external/python3/python-3.5.5-CVE-2017-1000158.patch.1 \ )) ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),) diff --git a/external/python3/python-3.5.5-CVE-2017-1000158.patch.1 b/external/python3/python-3.5.5-CVE-2017-1000158.patch.1 deleted file mode 100644 index 9bd472fd713d..000000000000 --- a/external/python3/python-3.5.5-CVE-2017-1000158.patch.1 +++ /dev/null @@ -1,62 +0,0 @@ -From fd8614c5c5466a14a945db5b059c10c0fb8f76d9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz> -Date: Fri, 8 Dec 2017 22:34:12 +0100 -Subject: [PATCH] bpo-30657: Fix CVE-2017-1000158 (#4664) - -Fixes possible integer overflow in PyBytes_DecodeEscape. - -Co-Authored-By: Jay Bosamiya <jaybosamiya@gmail.com> ---- - Misc/ACKS | 2 ++ - .../NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst | 2 ++ - Objects/bytesobject.c | 8 +++++++- - 3 files changed, 11 insertions(+), 1 deletion(-) - create mode 100644 Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst - -diff --git a/Misc/ACKS b/Misc/ACKS -index fbf110d801b5..1a35aad66ce7 100644 ---- a/Misc/ACKS -+++ b/Misc/ACKS -@@ -167,6 +167,7 @@ Médéric Boquien - Matias Bordese - Jonas Borgström - Jurjen Bos -+Jay Bosamiya - Peter Bosch - Dan Boswell - Eric Bouck -@@ -651,6 +652,7 @@ Ken Howard - Brad Howes - Mike Hoy - Ben Hoyt -+Miro Hrončok - Chiu-Hsiang Hsu - Chih-Hao Huang - Christian Hudon -diff --git a/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst b/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst -new file mode 100644 -index 000000000000..75359b6d8833 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst -@@ -0,0 +1,2 @@ -+Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158. -+Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok. -diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c -index 77dd45e84af8..9b29dc38b44f 100644 ---- a/Objects/bytesobject.c -+++ b/Objects/bytesobject.c -@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s, - char *p, *buf; - const char *end; - PyObject *v; -- Py_ssize_t newlen = recode_encoding ? 4*len:len; -+ Py_ssize_t newlen; -+ /* Check for integer overflow */ -+ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) { -+ PyErr_SetString(PyExc_OverflowError, "string is too large"); -+ return NULL; -+ } -+ newlen = recode_encoding ? 4*len:len; - v = PyBytes_FromStringAndSize((char *)NULL, newlen); - if (v == NULL) - return NULL; |